Comment 8 for bug 1732030

Hi Julian,
I have broken down the testcase into reproducible steps:

Testcase - TL;DR get running guest with IP and enable libvirt nss:
$ apt install libnss-libvirt libvirt-dameon-system
$ apt update
$ uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=artful
$ uvt-kvm create --password=ubuntu testguest release=artful arch=amd64 label=daily
$ vim /etc/nsswitch.conf
# add libvirt to the hosts line
$ apt download hello

So would the following be good then?
$ cat /etc/apt/apt.conf.d/90libnss-libvirt
apt::sandbox::seccomp::allow { "getdents" };

I wonder about a few things:
1. is there a format that does not "set" but append this to ensure if one placed other seccomp allows that they do not interfere?
2. I'm not sure everybody is hitting that through libnss-libvirt so I might only fix one of many incarnations of this.
3. this is only for newer apt needs this right - so only >=bionic ok?