interfaces/builtin/debugger_support: Add new interface to support debugging tools
Currently, there is no interface that supports debugging scenarios where features such as breakpoints (usage of the ptrace syscall) are possible without classic confinement.
These changes were tested against parca-agent and Valgrind as reference software to be supported by this new interface.
Tracing capabilities for software like parca or other observability frameworks are IMO desired and we should look into supporting them, perhaps by extending the system-trace interface. However, I am not quite sure about typical debugger support. It sounds more like a thing that would usually require classic, given that a debugger can pretty much do arbitrary things to the inferior process. One possible option I see is Ubuntu Core with gdbserver controlling a process within a snap, which is already supported by snap run --gdbserver, and the relevant gdbserver binary is part of the core* snaps.
The main goal is to be able to solve this issue with ssdd on rt-tests-snap. The first idea was to try to have a super-privilege interface that gives access to ptrace, but it's well known that due to maintenance problems it's not good to have such too scoped interfaces.
Then, after a discussion, the idea of creating a debugger-support interface emerged, putting more access into it than having ptrace only. But as you pointed out, @bboozzoo, maybe it would be a better idea to extend another interface.
My concern is: can I consider this problem with ptrace not relevant anymore, since system-trace already has CAP_SYS_ADMIN enabled?
Closing this since the idea was discussed, and I came to the conclusion that what we already have is good enough!
Thanks for all the feedback Maciej.