Alex Murray

@ctgarrenton can you provide any more details? I can't reproduce this myself so I can't really fix it if I don't get more information from you. Thanks.

Ok since this is not an issue specific to the emacs snap I am guessing it is more appropriate to be filed as a bug in Ubuntu. So am closing...

> Do you think it makes sense to add ubsan too, even if for unit tests only? Sure, the more the merrier particularly if its just the unit tests.

Yes I would prefer perhaps a new interface rather than changing the semantics of this interface - `log-control` sounds like a good approach (although @pedronis is the ultimate authority on...

So I think the idea of using seccomp to limit the access to `syslog()` seems like a good, pragmatic solution - but it does make me a bit nervous that...

@alexclewontin do you think you might be able to try adding the additional denylist entry for any future/unknown syslog actions as well as an additional test for this?

> my main remaining question is how the filtering will interact with snaps using interfaces that were giving cap syslog already (mostly kernel-module-*), probably low risk that; and snaps that...

@pedronis yes - the base template now contains the explicit deny rules so you are right - I wonder what would happen if we added explicit allow rules to these...

Regarding the question from @pedronis on possible conflict between this proposed new interface (with explicit deny seccomp rules) and other interfaces which may want to purposefully grant these same accesses,...