passt - Plug A Simple Socket Transport

diff options

author	Paul Holzinger <pholzing@redhat.com>	2023-06-23 10:25:32 +0200
committer	Stefano Brivio <sbrivio@redhat.com>	2023-06-25 23:49:25 +0200
commit	594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e (patch)
tree	3489673c57c5c389b4c34af4bf47a3c01bf14ff8 /tcp_conn.h
parent	5b646b9b1051c5aa41e0aeebfd9b6d5be6df614e (diff)
download	passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.tar passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.tar.gz passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.tar.bz2 passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.tar.lz passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.tar.xz passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.tar.zst passt-594dce66d3bbe30fa3f7ccce8b8eebb0bf3e7f2e.zip

isolation: keep CAP_SYS_PTRACE when required

When pasta is started from an existing userns and tries to join the netns from another process it fails to open /proc/$pid/ns/net due the missing CAP_SYS_PTRACE capability in the --netns-only case. A simple reproducer for this. First create a userns: $ unshare -r Then create a new netns inside it and try to join that netns with pasta. $ unshare -n sleep inf & $ pasta --config-net --netns /proc/$!/ns/net Signed-off-by: Paul Holzinger <pholzing@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Diffstat (limited to 'tcp_conn.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: