On Thu, 2016-07-14 at 03:04 -0700, Mark Shuttleworth wrote: > Hi Luke > > I think it's https://en.wikipedia.org/wiki/Seccomp seccomp-bpf that > you're looking for, and snapd can configure that just as it does > apparmor, based on the plug/slot interfaces declared by the snaps. Jamie > will know more. > Yes, seccomp via seccomp arg filtering is where we should be able to do this. That feature landed in upstream snap-confine a little while ago and AIUI the snappy team is working on landing that in 16.04.
Luke, please file a bug and add the 'snapd-interface' tag with what you need and a member of the interfaces team can take a look. Thanks! > Mark > > On 13/07/16 20:06, Luke Yelavich wrote: > > > > Hey folks. > > I am working on a cdparanoia snap. CDParanoia requires read/write access to > > the optical drive, From what I have gathered from the cdparanoia code, > > read/write access is required for detection of the drive/kernel interface, > > i.e SG IO, etc, and extraction/reading can be done read-only. > > > > I am wondering whether it is possible to add read/write support to the > > optical-drive interface for a selection of ioctls, I think only one at this > > point... If so, could someone point me to a document that explains the > > syntax for aparmor etc to implement this? I'll be of course happy to propose > > a merge to snapd for the optical-drive interface once I have identified the > > ioctls required by cdparanoia. > > > > I think this is worth doing because lots of software uses cdparanoia for > > reading/extraction, both the cdparanoia library and the command-line > > utility, gstreamer included. > > > > Of course, if folks feel that another interface is a better solution, I'm up > > for that as well. > > > > Thanks in advance. > > > > Luke > > > > -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
