Comment 1 for bug 1567597

Seth Arnold (seth-arnold) wrote :

What's the benefit of a complain mode for seccomp in snappyland? AppArmor denials can usually be addressed by changing ./configure flags or hardcoded paths or something, but there's not much to be done for "this application uses syscalls we forbid" except eliding the syscalls from the source, right?

Allowing it to run without trouble feels like it provides a false sense of progress or control when none is intended.

Thanks