WIP snap for 0ad

Jamie Strandboge jamie at canonical.com
Fri Nov 18 13:49:17 UTC 2016


On Fri, 2016-11-18 at 07:37 -0600, Jamie Strandboge wrote:
> On Fri, 2016-11-18 at 13:13 +0100, Olivier Tilloy wrote:
> > 
> > Hi everyone,
> > 
> > I’ve been working on snapping up 0ad¹ as a side project, and I’m at
> > the point where I’ve got it to run fully confined.
> > 
> > I’ve had to modify the generated seccomp profile for this to work
> > though, and I’m not sure where to take it from there. The game uses
> > the following syscalls which are not allowed by default: setpriority
> > and sched_setaffinity. I can get setpriority by adding the
> > process-control plug (which needs manual connection), but it doesn’t
> > appear any sensible interface exposes sched_setaffinity
> > (docker-support does, but that’s obviously not a solution).
> > 
> > What would interface experts suggest? Would it make sense to add
> > sched_setaffinity to process-control? Or to create a new privileged
> > interface for just that one syscall?
> > 
> FYI, there is a bug for setpriority. It looks like sched_setaffinity would be
> fine for process-control and I just prepared a PR for it. It looks like it
> works much like setpriority and so we'll be able to add it to the default
> template soon for certain invocations (I suspect you'll be able to drop
> process-control then).
> 
Re setpriority bug> I should have been more clear. There is a bug already for it
to be usable in the default template so process-control isn't always needed.

-- 
Jamie Strandboge             | http://www.canonical.com
