On Thu, 2016-05-12 at 11:48 +0100, Pedro Coca wrote: > On Mon, May 9, 2016 at 2:47 PM, Daniel Holbach <daniel.holb...@canonical.com > > > > wrote: > > > > Hello everybody, > > > > one of my action items from Ubuntu Online Summit was to start this > > discussion to find out who's doing which work on interfaces right now. > > Our idea was that it'd help if we brought engineers, testers, app > > developers and others together early on and link to the various > > available code branches from the documentation as examples. > > > > If you're involved in interfaces work, please speak up. > > > After watching the UOS session regarding interfaces, one of the things that > I would like to know is how could the 15.04 security overrides be > implemented with interfaces. Would be great to know how the process of > defining a new kind of interface works, if there is any input format and if > the aforementioned case is a valid one. Would be enough to include > the "snapd-interfaces"[1] on a LP bug like was mentioned on the UOS? > > The particular case would be to see how to use interfaces for a streamer > that uses a web camera feed with ffmpeg; With 15.04 we used the security > override feature (apparmor for the USB camera access & seccomp for the > set_priority call) to overcome these issues. Would there be any difference > for a general case trying to use other syscalls not allowed by seccomp? >
As has been discussed elsewhere, security-override and security-policy are gone and you can install a snap with --devmode to work around these issues locally. Please file a bug at https://bugs.launchpad.net/snappy/+filebug with the snapd- interface tag. IIRC the issues you had were not wanting to use hw-assign for camera access and the setpriority syscall. The former has already been identified as a needed interface (though I didn't think there is a bug for it, so please create one) and the latter will be allowed once seccomp argument filtering lands, which should be soon. -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- snappy-devel mailing list snappy-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snappy-devel
