Bugzilla – Attachment 873969 Details for
Bug 1221840
podman with pasta (passt) fails with apparmor
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
Proposed upstream patch, tested on Debian only
apparmor_fixes.patch (text/plain), 2.93 KB, created by
Stefano Brivio
on 2024-04-01 09:41:16 UTC
(
hide
)
Description:
Proposed upstream patch, tested on Debian only
Filename:
MIME Type:
Creator:
Stefano Brivio
Created:
2024-04-01 09:41:16 UTC
Size:
2.93 KB
patch
obsolete
>diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt >index 6bb25e0..61ec32c 100644 >--- a/contrib/apparmor/abstractions/passt >+++ b/contrib/apparmor/abstractions/passt >@@ -27,6 +27,7 @@ > > / r, # isolate_prefork(), isolation.c > mount options=(rw, runbindable) /, >+ mount "" -> "/", > mount "" -> "/tmp/", > pivot_root "/tmp/" -> "/tmp/", > umount "/", >diff --git a/contrib/apparmor/abstractions/pasta b/contrib/apparmor/abstractions/pasta >index a890391..e10d2a7 100644 >--- a/contrib/apparmor/abstractions/pasta >+++ b/contrib/apparmor/abstractions/pasta >@@ -27,7 +27,7 @@ > @{PROC}/@{pid}/net/udp r, > @{PROC}/@{pid}/net/udp6 r, > >- @{run}/user/@{uid}/netns/* r, # pasta_open_ns(), pasta.c >+ @{run}/user/@{uid}/** r, # pasta_open_ns(), pasta.c > > @{PROC}/[0-9]*/ns/net r, # pasta_wait_for_ns(), > @{PROC}/[0-9]*/ns/user r, # conf_pasta_ns() >diff --git a/test/lib/setup b/test/lib/setup >index 9b39b9f..510360b 100755 >--- a/test/lib/setup >+++ b/test/lib/setup >@@ -56,7 +56,7 @@ setup_passt() { > context_run_bg qemu 'qemu-system-$(uname -m)' \ > ' -machine accel=kvm' \ > ' -m '${VMEM}' -cpu host -smp '${VCPUS} \ >- ' -kernel ' "/boot/vmlinuz-$(uname -r)" \ >+ ' -kernel ' "/home/sbrivio/nf/arch/x86/boot/bzImage" \ > ' -initrd '${INITRAMFS}' -nographic -serial stdio' \ > ' -nodefaults' \ > ' -append "console=ttyS0 mitigations=off apparmor=0" ' \ >@@ -152,7 +152,7 @@ setup_passt_in_ns() { > ' -machine accel=kvm' \ > ' -M accel=kvm:tcg' \ > ' -m '${VMEM}' -cpu host -smp '${VCPUS} \ >- ' -kernel ' "/boot/vmlinuz-$(uname -r)" \ >+ ' -kernel ' "/home/sbrivio/nf/arch/x86/boot/bzImage" \ > ' -initrd '${INITRAMFS}' -nographic -serial stdio' \ > ' -nodefaults' \ > ' -append "console=ttyS0 mitigations=off apparmor=0" ' \ >@@ -223,7 +223,7 @@ setup_two_guests() { > context_run_bg qemu_1 'qemu-system-$(uname -m)' \ > ' -M accel=kvm:tcg' \ > ' -m '${VMEM}' -cpu host -smp '${VCPUS} \ >- ' -kernel ' "/boot/vmlinuz-$(uname -r)" \ >+ ' -kernel ' "/home/sbrivio/nf/arch/x86/boot/bzImage" \ > ' -initrd '${INITRAMFS}' -nographic -serial stdio' \ > ' -nodefaults' \ > ' -append "console=ttyS0 mitigations=off apparmor=0" ' \ >@@ -236,7 +236,7 @@ setup_two_guests() { > context_run_bg qemu_2 'qemu-system-$(uname -m)' \ > ' -M accel=kvm:tcg' \ > ' -m '${VMEM}' -cpu host -smp '${VCPUS} \ >- ' -kernel ' "/boot/vmlinuz-$(uname -r)" \ >+ ' -kernel ' "/home/sbrivio/nf/arch/x86/boot/bzImage" \ > ' -initrd '${INITRAMFS}' -nographic -serial stdio' \ > ' -nodefaults' \ > ' -append "console=ttyS0 mitigations=off apparmor=0" ' \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=873969">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 1221840
:
873715
|
873969
|
873970
|
873985
|
874005
|
874006