On Mon, 2016-04-04 at 14:56 -0400, Kyle Fazzari wrote: > On 04/04/2016 02:03 PM, Jamie Strandboge wrote: > > > > On Mon, 2016-04-04 at 08:23 -0400, Kyle Fazzari wrote: > > > > > > > > > Often times the syscalls being made aren't strictly required (e.g. MySQL > > > trying to control its thread priorities with `setpriority()`), which > > > typically leads to my starting with (2) and moving to (3). > > FYI, this particular syscall is going to be allowed soon once seccomp > > argument > > filtering lands, which should be before 16.04 release. > That's good to know, thank you! > > > > > The decision on which to use (KILL vs ERRNO) was an active one back in > > Capetown 2014 > > sprint (iirc), but perhaps it is time to revisit it based on this feedback. > > AppArmor uses deny and log so to me it makes some sense to do the same with > > seccomp. > I agree. I also imagine upstream contributions to deal with ERRNO will > be viewed as making things more robust rather than "make this work with > Snappy." Do you remember the original rational for using KILL? > I do not; perhaps others on this list do.
-- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- snappy-devel mailing list snappy-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snappy-devel
