Comment 1 for bug 1641758

It is possible to use seccomp argument filtering to allow a process to adjust its own priority (indeed, that is coming), but with current LSM and seccomp functionality in the kernel, there isn't a way to limit calling setpriority on child processes and the process-control interface must be used today (note that snap declarations in the store have landed and it is possible to declare a snap should have process-control auto-connected-- that is reserved on a case by case basis of course).

It may be possible for snap-confine to setup a process group for each run and then adjust the seccomp arg filtering to use PRIO_PGRP. This and the effects of such a change need to be investigated.