Comment 9 for bug 1732030

1. This is appending. You could also write it apt::sandbox::seccomp::allow:: "getdents" but the list notation is documented.

2. Right. Others might have other issues, mostly depending on their NSS modules. I don't think we'll fix all of them. But I don't think there are many users with non-standard NSS modules, so this maybe affects what, 1 to 5% of the users?

3. Exactly

We can eventually also enable getdents in apt itself, once the methods do not need write access to partial/ anymore (because the main process then opens the file and sends it via a socket). I only disabled it for now so one method cannot find files used by other methods (except for guessing).