Ongoing interfaces work

Jamie Strandboge jamie at canonical.com
Thu May 12 12:20:40 UTC 2016 

On Thu, 2016-05-12 at 11:48 +0100, Pedro Coca wrote:
> On Mon, May 9, 2016 at 2:47 PM, Daniel Holbach <daniel.holbach at canonical.com
> > 
> > wrote:
> > 
> > Hello everybody,
> > 
> > one of my action items from Ubuntu Online Summit was to start this
> > discussion to find out who's doing which work on interfaces right now.
> > Our idea was that it'd help if we brought engineers, testers, app
> > developers and others together early on and link to the various
> > available code branches from the documentation as examples.
> > 
> > If you're involved in interfaces work, please speak up.
> > 
> After watching the UOS session regarding interfaces, one of the things that
> I would like to know is how could the 15.04 security overrides be
> implemented with interfaces. Would be great to know how the process of
> defining a new kind of interface works, if there is any input format and if
> the aforementioned case is a valid one. Would be enough to include
> the "snapd-interfaces"[1] on a LP bug like was mentioned on the UOS?
> 
> The particular case would be to see how to use interfaces for a streamer
> that uses a web camera feed with ffmpeg; With 15.04 we used the security
> override feature (apparmor for the USB camera access & seccomp for the
> set_priority call) to overcome these issues. Would there be any difference
> for a general case trying to use other syscalls not allowed by seccomp?
> 

As has been discussed elsewhere, security-override and security-policy are gone
and you can install a snap with --devmode to work around these issues locally.

Please file a bug at https://bugs.launchpad.net/snappy/+filebug with the snapd-
interface tag. IIRC the issues you had were not wanting to use hw-assign for
camera access and the setpriority syscall. The former has already been
identified as a needed interface (though I didn't think there is a bug for it,
so please create one) and the latter will be allowed once seccomp argument
filtering lands, which should be soon.

-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160512/6cdb8fd2/attachment.pgp>

More information about the snappy-devel mailing list