Diffstat (limited to 'contrib/apparmor/abstractions')
| -rw-r--r-- | contrib/apparmor/abstractions/passt | 11 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/pasta | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt
index 43fd63f..85bd1ee 100644
--- a/contrib/apparmor/abstractions/passt
+++ b/contrib/apparmor/abstractions/passt
@@ -11,7 +11,7 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
- abi <abi/3.0>,
+ abi <abi/4.0>,
 include <abstractions/base>
@@ -24,6 +24,7 @@
 capability setpcap,
 capability net_admin,
 capability sys_ptrace,
+ userns,
 / r, # isolate_prefork(), isolation.c
 mount options=(rw, runbindable) -> /,
@@ -36,6 +37,14 @@
 @{PROC}/sys/net/ipv4/ip_local_port_range r, # fwd_probe_ephemeral()
+ @{PROC}/sys/net/ipv4/tcp_syn_retries r, # tcp_get_rto_params(), tcp.c
+ @{PROC}/sys/net/ipv4/tcp_syn_linear_timeouts r,
+ @{PROC}/sys/net/ipv4/tcp_rto_max_ms r,
+
+ # udp_get_timeout_params(), udp.c
+ @{PROC}/sys/net/netfilter/nf_conntrack_udp_timeout r,
+ @{PROC}/sys/net/netfilter/nf_conntrack_udp_timeout_stream r,
+
 network netlink raw, # nl_sock_init_do(), netlink.c
 network inet stream, # tcp.c
diff --git a/contrib/apparmor/abstractions/pasta b/contrib/apparmor/abstractions/pasta
index 9f73bee..251d4a2 100644
--- a/contrib/apparmor/abstractions/pasta
+++ b/contrib/apparmor/abstractions/pasta
@@ -11,7 +11,7 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
- abi <abi/3.0>,
+ abi <abi/4.0>,
 include <abstractions/passt>
|
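Review bot: The new `userns,` rule in the second hunk of the passt abstraction is the only permission in this block with no annotation of the code path that needs it, while every neighbouring rule names its caller (`/ r, # isolate_prefork(), isolation.c`). Under the 4.0 ABI this is the rule that allows the confined process to create user namespaces, so a reader auditing the profile should be able to trace it to the unshare(CLONE_NEWUSER) call, which presumably lives in isolation.c. Suggest `userns,			# isolate_user(), isolation.c`, with the function name adjusted to the actual caller. Note also that `userns` is only understood by an AppArmor 4.0 parser, so this rule is coupled to the `abi <abi/4.0>,` bump in the first hunk; if the profiles are shipped to distributions with an older apparmor_parser, loading will fail rather than fall back, which is worth confirming in the packaging.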
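Review bot: The third hunk of the passt abstraction documents its two groups of new `@{PROC}` reads inconsistently: the TCP group attaches `# tcp_get_rto_params(), tcp.c` as a trailing comment on `tcp_syn_retries` only, leaving `tcp_syn_linear_timeouts` and `tcp_rto_max_ms` unannotated, while the UDP group puts `# udp_get_timeout_params(), udp.c` on a header line above its rules. Since the three TCP sysctls are read by the same function, the header-line form used for UDP reads more clearly; suggest moving the comment to its own line above `tcp_syn_retries`, e.g. `# tcp_get_rto_params(), tcp.c`, so the grouping is explicit. The sysctl names `tcp_syn_linear_timeouts`, `tcp_rto_max_ms` and the nf_conntrack entries only exist on newer kernels or when nf_conntrack is loaded; a read rule for an absent path is harmless, but a one-line comment noting that the reader in tcp.c/udp.c is expected to tolerate ENOENT would help the next maintainer.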
