Comment 0 for bug 1721676

Tyler Hicks (tyhicks) wrote :

A requirement for snappy is that security sandbox violations against policy are logged. In this manner, learning tools can be written to parse the logs, etc., and make developing on snappy easier.

The current default seccomp action, in strict mode, is to kill the snap's thread that violated the policy, but this is unfriendly to the developer and to the user. The desired action is to block the illegal system call and return an error with errno set to EPERM. However, seccomp does not emit log events when it takes that action. Seccomp should be updated to emit log events when taking the SECCOMP_RET_ERRNO action, and then snappy can switch to using that action when blocking illegal system calls.