WIP snap for 0ad

Jamie Strandboge jamie at canonical.com
Fri Nov 18 13:37:26 UTC 2016


On Fri, 2016-11-18 at 13:13 +0100, Olivier Tilloy wrote:
> Hi everyone,
> 
> I’ve been working on snapping up 0ad¹ as a side project, and I’m at
> the point where I’ve got it to run fully confined.
> 
> I’ve had to modify the generated seccomp profile for this to work
> though, and I’m not sure where to take it from there. The game uses
> the following syscalls which are not allowed by default: setpriority
> and sched_setaffinity. I can get setpriority by adding the
> process-control plug (which needs manual connection), but it doesn’t
> appear any sensible interface exposes sched_setaffinity
> (docker-support does, but that’s obviously not a solution).
> 
> What would interface experts suggest? Would it make sense to add
> sched_setaffinity to process-control? Or to create a new privileged
> interface for just that one syscall?
> 

Fyi, there is a bug for setpriority. It looks like sched_setaffinity would be
fine for process-control and I just prepared a PR for it. It looks like it works
much like setpriority and so we'll be able to add it to the default template
soon for certain invocations (I suspect you'll be able to drop proces-control
then). 

In the future you can also simply file a bug and add the 'snapd-interface' tag.
Thanks for bringing this up!

-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20161118/6399c145/attachment.sig>


More information about the Snapcraft mailing list