Code review comment for lp://qastaging/~jdstrand/snap-confine/seccom-arg-filtering

Hi Tyler, I've merged this and also tested with a real world example with electron-quick-start. I used this:

setpriority - 0 >=0

and electron-quick-start worked and then used this:

setpriority - 0 >=20

and it failed:
audit: type=1326 audit(1463522677.088:611): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=17596 comm="electron" exe="/snap/electron-quick-start/100006/lib/node_modules/electron-prebuilt/dist/electron" sig=31 arch=c000003e syscall=141 compat=0 ip=0x7fc853d314a7 code=0x0

Note that for setpriority I'm going to need a followup MP for PRIO_PROCESS, PRIO_PGRP, and PRIO_USER from sys/resource.h since we are I think going to actually want this for setpriority in policy:

setpriority PRIO_PROCESS 0 >=0