On 04/04/2016 02:03 PM, Jamie Strandboge wrote: > On Mon, 2016-04-04 at 08:23 -0400, Kyle Fazzari wrote: >> >> Often times the syscalls being made aren't strictly required (e.g. MySQL >> trying to control its thread priorities with `setpriority()`), which >> typically leads to my starting with (2) and moving to (3). > > FYI, this particular syscall is going to be allowed soon once seccomp argument > filtering lands, which should be before 16.04 release.
That's good to know, thank you! > The decision on which to use (KILL vs ERRNO) was an active one back in > Capetown 2014 > sprint (iirc), but perhaps it is time to revisit it based on this feedback. > AppArmor uses deny and log so to me it makes some sense to do the same with > seccomp. I agree. I also imagine upstream contributions to deal with ERRNO will be viewed as making things more robust rather than "make this work with Snappy." Do you remember the original rational for using KILL? -- Kyle Fazzari (kyrofa) Software Engineer Canonical Ltd. k...@canonical.com
signature.asc
Description: OpenPGP digital signature
-- snappy-devel mailing list snappy-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snappy-devel
