Enable POSIX MQ *within* a single snap

I wanted to see if I could fix the Zoom background blur issue described here: Camera freeze when enabling "Blur My Background" · Issue #128 · ogra1/zoom-snap · GitHub

After digging into the issue, I found that the problem is that Zoom forks off a separate “aomhost” process to do the virtual background, and uses both files like “/dev/shm/aomshm…” and POSIX MQs to communicate with that process. I think I can use the private version of the shared-memory interface to handle the first part, but I’m lost as to what the right way to handle the second is.

I see that snap has a “posix-mq” interface, but that seems to be for allowing communication between snaps. For Zoom, I just need to allow the MQ system calls but there is no need to allow access from any process not spawned directly from the initial zoom process:

  • mq_open
  • mq_unlink
  • mq_getsetattr
  • mq_timedsend
  • mq_timedreceive

(By default, the seccomp rules that come with the stock Zoom snap do not allow these system calls at all.)

As an added wrinkle, Zoom uses MQ names that don’t start with a slash, like:

mq_open("us.zoom.aom.globalmgr.2017304.rpc", O_WRONLY|O_CREAT|O_NONBLOCK, 0666, {mq_flags=0x800, mq_maxmsg=2, mq_msgsize=312, mq_curmsgs=0}) = 168

Is there any way to handle this in snap? Or does the posix-mq interface in core snap need to be extended?
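
A probe for the five system calls listed in the post, added here as an example (it is not part of the original post or of the Zoom snap): it issues each call through syscall() and prints the resulting error, so it can be built and run under a snap's confinement to see which calls the seccomp profile rejects. The queue name, flag names and function names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <mqueue.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

/* Constructed queue name. The raw mq_open syscall takes the name without a
   leading slash, which is the form visible in the strace line. */
#define PROBE_NAME "snap.mq-probe.test"

enum { P_OPEN = 1, P_ATTR = 2, P_SEND = 4, P_RECV = 8, P_UNLINK = 16 };

/* Print the outcome of one call and return its bit if it succeeded. */
static int step(const char *what, long rc, int bit) {
    printf("%-16s %s\n", what, rc < 0 ? strerror(errno) : "ok");
    return rc < 0 ? 0 : bit;
}

/* Returns a bitmask of the MQ syscalls that succeeded (31 = all five). */
int probe_mq_syscalls(void) {
    /* Same queue geometry as the strace line: 2 messages of 312 bytes. */
    struct mq_attr want = { .mq_flags = 0, .mq_maxmsg = 2, .mq_msgsize = 312 }, got;
    struct timespec past = { 0, 0 };  /* deadline already expired: never block */
    char buf[312] = "ping";
    int ok = 0;

    long fd = syscall(SYS_mq_open, PROBE_NAME, O_RDWR | O_CREAT | O_NONBLOCK, 0600, &want);
    ok |= step("mq_open", fd, P_OPEN);
    if (fd < 0)
        return ok;  /* without a descriptor the other calls cannot be probed */
    ok |= step("mq_getsetattr", syscall(SYS_mq_getsetattr, fd, NULL, &got), P_ATTR);
    ok |= step("mq_timedsend", syscall(SYS_mq_timedsend, fd, buf, 5, 0, &past), P_SEND);
    ok |= step("mq_timedreceive",
               syscall(SYS_mq_timedreceive, fd, buf, sizeof buf, NULL, &past), P_RECV);
    close((int)fd);  /* on Linux a message queue descriptor is a file descriptor */
    ok |= step("mq_unlink", syscall(SYS_mq_unlink, PROBE_NAME), P_UNLINK);
    return ok;
}

int main(void) {
    return probe_mq_syscalls() == 31 ? 0 : 1;
}
```

The exit status is 0 only when all five calls succeed; a call that the confinement rejects shows up with its error string next to its name.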