Bugzilla – Attachment 873715 Details for
Bug 1221840
podman with pasta (passt) fails with apparmor
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
Working rules
usr.bin.passt (text/plain), 907 bytes, created by
Jörg Sonnenberger
on 2024-03-21 23:57:47 UTC
(
hide
)
Description:
Working rules
Filename:
MIME Type:
Creator:
Jörg Sonnenberger
Created:
2024-03-21 23:57:47 UTC
Size:
907 bytes
patch
obsolete
># SPDX-License-Identifier: GPL-2.0-or-later ># ># PASST - Plug A Simple Socket Transport ># for qemu/UNIX domain socket mode ># ># PASTA - Pack A Subtle Tap Abstraction ># for network namespace/tap device mode ># ># contrib/apparmor/usr.bin.passt - AppArmor profile for passt(1) ># ># Copyright (c) 2022 Red Hat GmbH ># Author: Stefano Brivio <sbrivio@redhat.com> > >abi <abi/3.0>, > >include <tunables/global> > >profile passt /usr/bin/passt{,.avx2} flags=(attach_disconnected) { > include <abstractions/passt> > > # Alternatively: include <abstractions/user-tmp> > /proc/@{pid}/ns/ r, > /dev/net/tun rw, # tap_ns_tun(), tap.c # XXX why is this necessary, the include above should have provided it? > owner /tmp/** w, # tap_sock_unix_init(), pcap(), > # write_pidfile(), > # logfile_init() > > owner @{HOME}/** w, # pcap(), write_pidfile() > ptrace (read,trace) peer=unconfined, >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=873715">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 1221840
: 873715 |
873969
|
873970
|
873985
|
874005
|
874006