Allow to call setpriority on child processes when priority is lower than default
Bug #1641758 reported by
Marco Trevisan (Treviño)
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
I've there's the process-control plug, but it has to be manually enabled... However, I was wondering whether it would be the case to make setpriorty (and getpriority) to be allowed for snapped apps that want to control a child process with higher nice values (or maybe any process of binaries inside the snap)...
For example there are some tools for doing video rendering that reduce the priority of the child process (typically mencoder or ffmpeg).
I don't think that in such cases there's any need to grant any special privilege to the snap, as it's really not something that could compromise the system. Instead it would make it work better (avoiding CPU to be overused by a proc).
Changed in snappy: | |
assignee: | nobody → Marco Trevisan (Treviño) (3v1n0) |
assignee: | Marco Trevisan (Treviño) (3v1n0) → nobody |
affects: | snappy → snapd |
To post a comment you must log in.
It is possible to use seccomp argument filtering to allow a process to adjust its own priority (indeed, that is coming), but with current LSM and seccomp functionality in the kernel, there isn't a way to limit calling setpriority on child processes and the process-control interface must be used today (note that snap declarations in the store have landed and it is possible to declare a snap should have process-control auto-connected-- that is reserved on a case by case basis of course).
It may be possible for snap-confine to setup a process group for each run and then adjust the seccomp arg filtering to use PRIO_PGRP. This and the effects of such a change need to be investigated.