From 8d85b6a99ebf02a65a097ac3f5cdb83cd4119bd5 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Tue, 29 Mar 2022 23:47:35 +0200 Subject: tap: Allow ioctl() and openat() for tap_ns_tun() re-initialisation If the tun interface disappears, we'll call tap_ns_tun() after the seccomp profile is applied: add ioctl() and openat() to it. Signed-off-by: Stefano Brivio --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'README.md') diff --git a/README.md b/README.md index b045c6f..2ce01e9 100644 --- a/README.md +++ b/README.md @@ -288,7 +288,7 @@ speeding up local connections, and usually requiring NAT. _pasta_: * ✅ all capabilities dropped, other than `CAP_NET_BIND_SERVICE` (if granted) * ✅ with default options, user, mount, IPC, UTS, PID namespaces are detached * ✅ no external dependencies (other than a standard C library) -* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 37 for +* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 39 for _pasta_ on x86_64) * ✅ examples of [AppArmor](/passt/tree/contrib/apparmor) and [SELinux](/passt/tree/contrib/selinux) profiles available -- cgit v1.2.3
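Review bot: In the README.md hunk, the "restrictive seccomp profiles" bullet now says 39 syscalls for _pasta_, which matches the two additions named in the commit message, but a bare count hides that those additions are ioctl() and openat(), both far broader in reach than most entries in an allow-list. Consider noting in the commit message or beside the count that they are needed only for the tap_ns_tun() re-initialisation path once the tun interface has disappeared, and whether the profile can constrain them by argument. The _passt_ figure stays at 25, so it is worth confirming that the new entries apply to the _pasta_ profile only. The number is maintained by hand and can go stale, so a short note on how to derive it from the profile would help. This view is limited to README.md, so the profile change itself cannot be checked here.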