diff options
Diffstat (limited to 'contrib/apparmor')
| -rw-r--r-- | contrib/apparmor/abstractions/passt | 7 | ||||
| -rw-r--r-- | contrib/apparmor/abstractions/pasta | 2 | ||||
| -rw-r--r-- | contrib/apparmor/usr.bin.passt | 2 | ||||
| -rw-r--r-- | contrib/apparmor/usr.bin.passt-repair | 2 | ||||
| -rw-r--r-- | contrib/apparmor/usr.bin.pasta | 2 |
5 files changed, 10 insertions, 5 deletions
diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt index 43fd63f..0ffadaf 100644 --- a/contrib/apparmor/abstractions/passt +++ b/contrib/apparmor/abstractions/passt @@ -11,7 +11,7 @@ # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio <sbrivio@redhat.com> - abi <abi/3.0>, + abi <abi/4.0>, include <abstractions/base> @@ -24,6 +24,7 @@ capability setpcap, capability net_admin, capability sys_ptrace, + userns, / r, # isolate_prefork(), isolation.c mount options=(rw, runbindable) -> /, @@ -36,6 +37,10 @@ @{PROC}/sys/net/ipv4/ip_local_port_range r, # fwd_probe_ephemeral() + @{PROC}/sys/net/ipv4/tcp_syn_retries r, # tcp_get_rto_params(), tcp.c + @{PROC}/sys/net/ipv4/tcp_syn_linear_timeouts r, + @{PROC}/sys/net/ipv4/tcp_rto_max_ms r, + network netlink raw, # nl_sock_init_do(), netlink.c network inet stream, # tcp.c diff --git a/contrib/apparmor/abstractions/pasta b/contrib/apparmor/abstractions/pasta index 9f73bee..251d4a2 100644 --- a/contrib/apparmor/abstractions/pasta +++ b/contrib/apparmor/abstractions/pasta @@ -11,7 +11,7 @@ # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio <sbrivio@redhat.com> - abi <abi/3.0>, + abi <abi/4.0>, include <abstractions/passt> diff --git a/contrib/apparmor/usr.bin.passt b/contrib/apparmor/usr.bin.passt index 62a4514..c123a86 100644 --- a/contrib/apparmor/usr.bin.passt +++ b/contrib/apparmor/usr.bin.passt @@ -11,7 +11,7 @@ # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio <sbrivio@redhat.com> -abi <abi/3.0>, +abi <abi/4.0>, include <tunables/global> diff --git a/contrib/apparmor/usr.bin.passt-repair b/contrib/apparmor/usr.bin.passt-repair index 901189d..23ff1ce 100644 --- a/contrib/apparmor/usr.bin.passt-repair +++ b/contrib/apparmor/usr.bin.passt-repair @@ -11,7 +11,7 @@ # Copyright (c) 2025 Red Hat GmbH # Author: Stefano Brivio <sbrivio@redhat.com> -abi <abi/3.0>, +abi <abi/4.0>, #include <tunables/global> diff --git a/contrib/apparmor/usr.bin.pasta b/contrib/apparmor/usr.bin.pasta index 2483968..56b5024 100644 --- a/contrib/apparmor/usr.bin.pasta +++ b/contrib/apparmor/usr.bin.pasta @@ -11,7 +11,7 @@ # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio <sbrivio@redhat.com> -abi <abi/3.0>, +abi <abi/4.0>, include <tunables/global> |