diff options
| author | Paul Holzinger <pholzing@redhat.com> | 2024-05-08 18:13:16 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-05-10 16:53:35 +0200 |
| commit | 72884484b00dbab548da056972e28ddb85518386 (patch) | |
| tree | 5047dbfe1fdc1e89e07076dae3924b74544e31a9 | |
| parent | 7e6a606c32341c81b0889a6791ec12e418a4eeec (diff) | |
| download | passt-72884484b00dbab548da056972e28ddb85518386.tar passt-72884484b00dbab548da056972e28ddb85518386.tar.gz passt-72884484b00dbab548da056972e28ddb85518386.tar.bz2 passt-72884484b00dbab548da056972e28ddb85518386.tar.lz passt-72884484b00dbab548da056972e28ddb85518386.tar.xz passt-72884484b00dbab548da056972e28ddb85518386.tar.zst passt-72884484b00dbab548da056972e28ddb85518386.zip | |
apparmor: allow read access on /tmp for pasta2024_05_10.7288448
The podman CI on debian runs tests based on /tmp but pasta is failing
there because it is unable to open the netns path as the open for read
access is denied.
Link: https://github.com/containers/podman/issues/22625
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | contrib/apparmor/usr.bin.pasta | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/contrib/apparmor/usr.bin.pasta b/contrib/apparmor/usr.bin.pasta index e5ee4df..2a4d28c 100644 --- a/contrib/apparmor/usr.bin.pasta +++ b/contrib/apparmor/usr.bin.pasta @@ -19,9 +19,10 @@ profile pasta /usr/bin/pasta{,.avx2} flags=(attach_disconnected) { include <abstractions/pasta> # Alternatively: include <abstractions/user-tmp> - owner /tmp/** w, # tap_sock_unix_init(), pcap(), + owner /tmp/** rw, # tap_sock_unix_init(), pcap(), # write_pidfile(), - # logfile_init() + # logfile_init(), + # pasta_open_ns() owner @{HOME}/** w, # pcap(), write_pidfile() } |