The gopaste service from the snapcraft example doesn't work. With snappy-debug it shows that:
sysctl: permission denied on key 'kernel.printk_ratelimit'
= Seccomp =
Time: Jan 15 19:12:58
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1142 comm="gopasted" exe="/snaps/gopaste.sideload/IKNPLdMMXNPK/bin/gopasted" sig=31 arch=c000003e 93(fchown) compat=0 ip=0x7f801d9a9467 code=0x0
Syscall: fchown
Suggestions:
* don't copy ownership of files (eg, use 'cp -r --preserve=mode' instead of 'cp -a')
* adjust program to not use 'fchown'
<jdstrand> elopio: you can't use the chown family of syscalls because of two things: we don't have per-app uids so the chown doesn't make sense under most cases, and for those cases that do make sense, we need syscall argument filtering
<jdstrand> put more simply, do what it suggested and adjust to not use chown
<jdstrand> the hope is we'll have argument filtering for seccomp and can loosen that up a bit
<jdstrand> for 16.04
<elopio> hum, the chown seems to come from here: https://raw.githubusercontent.com/mattn/go-sqlite3/master/code/sqlite3-binding.c
<sergiusens> elopio, sqlite is not going to work without patching
<sergiusens> elopio, oh, for gopasted we can use the security-override and add fchown to the valid syscalls
Workaround: https:/