diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2022-03-29 23:47:35 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2022-03-30 05:49:46 +0200 |
| commit | 8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5 (patch) | |
| tree | 48003495498d752ceeda85db06cdc3b34dc457f4 /README.md | |
| parent | 37c228ada88b7fa0001659b13c34a783ba75df83 (diff) | |
| download | passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.tar passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.tar.gz passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.tar.bz2 passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.tar.lz passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.tar.xz passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.tar.zst passt-8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5.zip | |
tap: Allow ioctl() and openat() for tap_ns_tun() re-initialisation
If the tun interface disappears, we'll call tap_ns_tun() after the
seccomp profile is applied: add ioctl() and openat() to it.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -288,7 +288,7 @@ speeding up local connections, and usually requiring NAT. _pasta_: * ✅ all capabilities dropped, other than `CAP_NET_BIND_SERVICE` (if granted) * ✅ with default options, user, mount, IPC, UTS, PID namespaces are detached * ✅ no external dependencies (other than a standard C library) -* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 37 for +* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 39 for _pasta_ on x86_64) * ✅ examples of [AppArmor](/passt/tree/contrib/apparmor) and [SELinux](/passt/tree/contrib/selinux) profiles available |