https://bugzilla.suse.com/show_bug.cgi?id=1221840 https://bugzilla.suse.com/show_bug.cgi?id=1221840#c15 --- Comment #15 from Stefano Brivio --- (In reply to Danish Prakash from comment #14)

Thanks for the patch, even though I can invoke `pasta` without any errors, I'm still getting the same permission denied error on the netns:

...

Couldn't open network namespace /proc/9080/ns/net: Permission denied

Adding the following rule to usr.bin.passt doesn't help either:

...

/proc/@{pid}/ns/ r,

That should be '/proc/@{pid}/ns/**', but anyway that's already covered by abstractions/pasta: @{PROC}/[0-9]*/ns/net r, # pasta_wait_for_ns(), @{PROC}/[0-9]*/ns/user r, # conf_pasta_ns() ...you should make sure that those rules are taken into account, though.

On the contrary, setting the two usr.bin.pas* profiles to complain mode, things are back to normal so perhaps the rules are still not right?

Definitely, it's an issue with AppArmor rules. Can you tail -f /var/log/audit/audit.log while you run 'pasta' and check what AppArmor is denying as you do that? -- You are receiving this mail because: You are on the CC list for the bug.