APT::Sandbox::Seccomp prevents connect,sendto,socket syscalls on Focal

Bug #1867488 reported by Simon Déziel
Affects: apt (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

# Steps to reproduce:

$ lxc launch images:ubuntu/focal fa1
$ lxc shell fa1
root@fa1:~# echo 'APT::Sandbox::Seccomp "true";' > /etc/apt/apt.conf.d/01apt-seccomp
root@fa1:~# rm /var/lib/apt/lists/*Release # makes sure we fetch stuff from the network
root@fa1:~# apt-get update
Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [255 kB]
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [976 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8,623 kB]
30% [4 Packages store 0 B] [5 Packages 100 kB/8,623 kB 1%]
 **** Seccomp prevented execution of syscall 0000000041 on architecture amd64 ****
Reading package lists... Done
E: Method store has died unexpectedly!
E: Sub-process store returned an error code (31)

This was tested in a container as well as inside a VM, same issue. This used to work with Bionic.

# Workaround

Fortunately, apt supports manual whitelisting of syscalls. A workaround is to allow 3 more syscalls.

root@fa1:~# echo 'APT::Sandbox::Seccomp::Allow "connect,sendto,socket";' >> /etc/apt/apt.conf.d/01apt-seccomp

# Additional information

root@fa1:~# lsb_release -rd
Description: Ubuntu Focal Fossa (development branch)
Release: 20.04

root@fa1:~# uname -a
Linux fa1 5.3.0-40-generic #32~18.04.1-Ubuntu SMP Mon Feb 3 14:05:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

root@fa1:~# apt-cache policy apt libc-bin
apt:
  Installed: 1.9.10
  Candidate: 1.9.10
  Version table:
 *** 1.9.10 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status
libc-bin:
  Installed: 2.31-0ubuntu5
  Candidate: 2.31-0ubuntu5
  Version table:
 *** 2.31-0ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status

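The workaround above maps apt's "Seccomp prevented execution of syscall 0000000041 on architecture amd64" message back to a syscall name by hand and then widens the allow list. The following script is an added example, not code from the bug report or from apt itself: it parses that denial message out of captured apt-get output, resolves the number through a small x86_64 table (41 = socket, 42 = connect, 44 = sendto, the three syscalls this bug concerns), and merges the names into an existing `APT::Sandbox::Seccomp::Allow` directive so the sandbox stays enabled with the narrowest extra allowance. The sample output and the apt.conf fragment are constructed; a number the table does not know is reported rather than silently allowed.

```python
"""Turn apt's seccomp denial messages into an APT::Sandbox::Seccomp::Allow line.

Added example; not part of apt or of the original bug report.
"""
import re
from typing import Dict, Iterable, List

# Constructed sample of apt-get output, modelled on the failure in the report
# (one syscall repeated, to show de-duplication).
SAMPLE_OUTPUT = """\
Get:5 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [8,623 kB]
 **** Seccomp prevented execution of syscall 0000000041 on architecture amd64 ****
 **** Seccomp prevented execution of syscall 0000000042 on architecture amd64 ****
 **** Seccomp prevented execution of syscall 0000000041 on architecture amd64 ****
 **** Seccomp prevented execution of syscall 0000000044 on architecture amd64 ****
E: Method store has died unexpectedly!
"""

# x86_64 syscall numbers for the three syscalls named in the report
# (socket=41, connect=42, sendto=44 in the kernel's x86_64 table).
# Extend per architecture as further denials are triaged.
SYSCALL_TABLES: Dict[str, Dict[int, str]] = {
    "amd64": {41: "socket", 42: "connect", 44: "sendto"},
}

# apt prints the number zero-padded; int() strips the padding.
DENIAL_RE = re.compile(
    r"Seccomp prevented execution of syscall (\d+) on architecture (\w+)"
)
# An existing Allow directive in an apt.conf fragment, e.g.
#   APT::Sandbox::Seccomp::Allow "connect,sendto,socket";
ALLOW_RE = re.compile(
    r'^[ \t]*APT::Sandbox::Seccomp::Allow[ \t]+"([^"]*)"[ \t]*;', re.M
)


def denied_syscalls(output: str) -> List[str]:
    """Return the distinct syscall names denied, in first-seen order.

    A number missing from the table (or an unknown architecture) comes back as
    'unknown:<arch>:<nr>' so the operator resolves it instead of the script
    quietly allowing something it cannot name.
    """
    seen: List[str] = []
    for m in DENIAL_RE.finditer(output):
        nr, arch = int(m.group(1)), m.group(2)
        name = SYSCALL_TABLES.get(arch, {}).get(nr, f"unknown:{arch}:{nr}")
        if name not in seen:
            seen.append(name)
    return seen


def allow_directive(names: Iterable[str]) -> str:
    """Render the apt.conf directive used by the workaround, names sorted."""
    return 'APT::Sandbox::Seccomp::Allow "%s";' % ",".join(sorted(set(names)))


def merge_allow(conf: str, names: Iterable[str]) -> str:
    """Union new names into the fragment's Allow directive, or append one.

    The rest of the fragment (e.g. APT::Sandbox::Seccomp "true";) is kept
    byte-for-byte, so the sandbox itself is never switched off.
    """
    wanted = set(names)
    m = ALLOW_RE.search(conf)
    if m:
        wanted |= {n for n in m.group(1).split(",") if n}
        return conf[: m.start()] + allow_directive(wanted) + conf[m.end():]
    if conf and not conf.endswith("\n"):
        conf += "\n"
    return conf + allow_directive(wanted) + "\n"


if __name__ == "__main__":
    denied = denied_syscalls(SAMPLE_OUTPUT)
    print("denied:", denied)
    # Constructed fragment standing in for /etc/apt/apt.conf.d/01apt-seccomp.
    existing = 'APT::Sandbox::Seccomp "true";\n'
    print(merge_allow(existing, denied), end="")
```

Run it against a saved `apt-get update` transcript instead of `SAMPLE_OUTPUT` to get the exact `Allow` line for the denials actually observed; anything reported as `unknown:` should be looked up in the kernel's syscall table for that architecture before it is added.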
Simon Déziel (sdeziel)
description: updated
summary: - APT::Sandbox::Seccomp prevents socket syscall on Focal
+ APT::Sandbox::Seccomp prevents connect,sendto,socket syscalls on Focal
Simon Déziel (sdeziel) wrote:

I'm happy to report that apt version 2.0.0 fixed this bug, thanks!

$ apt-cache policy apt
apt:
  Installed: 2.0.0
  Candidate: 2.0.0
  Version table:
 *** 2.0.0 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status

Changed in apt (Ubuntu):
status: New → Fix Released