Overriding seccomp policy: shm_open
Simon Fels
simon.fels at canonical.com
Mon Aug 1 05:27:06 UTC 2016
On 01.08.2016 06:55, Jacob Zimmermann wrote:
> Hi
>
> I'm trying to get my hands on snapcraft by building a snap of "Hatari"
> (Atari ST emulator). I got it working nicely in devmode but it won't run
> under strict confinement, specifically it gets killed when attempting to
> execute shm_open().
>
> Based on whatever little information I could gather I tried to override
> the default policy like so:
>
> apps:
> hatari:
> command: hatari
> plugs: [home, unity7, hatari-permissions]
>
> ...
>
> plugs:
> hatari-permissions:
> type: old-security
> security-override:
> syscalls: [shm_open]
The old-security interface is not available any more. To be able to
further comment on the problem you hit here it will be good to know for
what the Hatari emulator wants to use the shm_open syscall.
> But no avail, it just won't let it use this syscall. I couldn't find
> anything in the docs about how is it supposed to be done.
To allow your snap to use the syscall shm_open it needs to use an
interface which allows this. Its very likely that in this case there is
no appropriate interface yet. As stated above we need to first find out
what the emulator tries to do with shm_open here before we can judge
further what kind of interface it would need.
regards,
Simon
More information about the Snapcraft
mailing list