passt - Plug A Simple Socket Transport

diff options

author	Stefano Brivio <sbrivio@redhat.com>	2023-09-06 21:09:47 +0200
committer	Stefano Brivio <sbrivio@redhat.com>	2023-09-07 00:31:35 +0200
commit	e2ad420fa268533628c32acab35fb66f187cef39 (patch)
tree	4da9e2382ac7d1545c2da77419ef73ce135b5a8b /contrib/apparmor/abstractions/pasta
parent	b686afa23e85321f9e376b2aeddddb6e70adc22b (diff)
download	passt-e2ad420fa268533628c32acab35fb66f187cef39.tar passt-e2ad420fa268533628c32acab35fb66f187cef39.tar.gz passt-e2ad420fa268533628c32acab35fb66f187cef39.tar.bz2 passt-e2ad420fa268533628c32acab35fb66f187cef39.tar.lz passt-e2ad420fa268533628c32acab35fb66f187cef39.tar.xz passt-e2ad420fa268533628c32acab35fb66f187cef39.tar.zst passt-e2ad420fa268533628c32acab35fb66f187cef39.zip

apparmor: Allow read-only access to uid_map

Starting with commit 770d1a4502dd ("isolation: Initially Keep CAP_SETFCAP if running as UID 0 in non-init"), the lack of this rule became more apparent as pasta needs to access uid_map in procfs even as non-root. However, both passt and pasta needs this, in case they are started as root, so add this directly to passt's abstraction (which is sourced by pasta's profile too). Fixes: 770d1a4502dd ("isolation: Initially Keep CAP_SETFCAP if running as UID 0 in non-init") Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Diffstat (limited to 'contrib/apparmor/abstractions/pasta')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: