On Fri, Nov 18, 2016 at 2:37 PM, Jamie Strandboge <[email protected]> wrote: > On Fri, 2016-11-18 at 13:13 +0100, Olivier Tilloy wrote: >> Hi everyone, >> >> I’ve been working on snapping up 0ad¹ as a side project, and I’m at >> the point where I’ve got it to run fully confined. >> >> I’ve had to modify the generated seccomp profile for this to work >> though, and I’m not sure where to take it from there. The game uses >> the following syscalls which are not allowed by default: setpriority >> and sched_setaffinity. I can get setpriority by adding the >> process-control plug (which needs manual connection), but it doesn’t >> appear any sensible interface exposes sched_setaffinity >> (docker-support does, but that’s obviously not a solution). >> >> What would interface experts suggest? Would it make sense to add >> sched_setaffinity to process-control? Or to create a new privileged >> interface for just that one syscall? >> > > Fyi, there is a bug for setpriority. It looks like sched_setaffinity would be > fine for process-control and I just prepared a PR for it. It looks like it > works > much like setpriority and so we'll be able to add it to the default template > soon for certain invocations (I suspect you'll be able to drop proces-control > then). > > In the future you can also simply file a bug and add the 'snapd-interface' > tag. > Thanks for bringing this up!
Thanks Jamie for your prompt answer. I subscribed to the bug for setpriority (https://launchpad.net/bugs/1641758) and I’ll be watching the PR (https://github.com/snapcore/snapd/pull/2301). Assuming it gets merged soon (looks trivial enough), when can I expect it to be released in a new version of snapd? Would that be 2.18 ? I’m unable to find up-to-date info on future releases of snapd (either at https://github.com/snapcore/snapd/releases or at https://launchpad.net/snappy/+series). Cheers, Olivier -- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
