aboutgitcodebugslistschat
path: root/contrib/apparmor/usr.bin.pasta
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/apparmor/usr.bin.pasta')
-rw-r--r--contrib/apparmor/usr.bin.pasta27
1 files changed, 27 insertions, 0 deletions
diff --git a/contrib/apparmor/usr.bin.pasta b/contrib/apparmor/usr.bin.pasta
new file mode 100644
index 0000000..e5ee4df
--- /dev/null
+++ b/contrib/apparmor/usr.bin.pasta
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# PASST - Plug A Simple Socket Transport
+# for qemu/UNIX domain socket mode
+#
+# PASTA - Pack A Subtle Tap Abstraction
+# for network namespace/tap device mode
+#
+# contrib/apparmor/usr.bin.pasta - AppArmor profile for pasta(1)
+#
+# Copyright (c) 2022 Red Hat GmbH
+# Author: Stefano Brivio <sbrivio@redhat.com>
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile pasta /usr/bin/pasta{,.avx2} flags=(attach_disconnected) {
+ include <abstractions/pasta>
+
+ # Alternatively: include <abstractions/user-tmp>
+ owner /tmp/** w, # tap_sock_unix_init(), pcap(),
+ # write_pidfile(),
+ # logfile_init()
+
+ owner @{HOME}/** w, # pcap(), write_pidfile()
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 14:53:59 +0000