[Bug 1221840] podman with pasta (passt) fails with apparmor
https://bugzilla.suse.com/show_bug.cgi?id=1221840
https://bugzilla.suse.com/show_bug.cgi?id=1221840#c12

--- Comment #12 from Stefano Brivio <sbrivio@redhat.com> ---
Comment on attachment 873969
  --> https://bugzilla.suse.com/attachment.cgi?id=873969
Proposed upstream patch, tested on Debian only
diff --git a/contrib/apparmor/abstractions/passt b/contrib/apparmor/abstractions/passt index 6bb25e0..61ec32c 100644 --- a/contrib/apparmor/abstractions/passt +++ b/contrib/apparmor/abstractions/passt @@ -27,6 +27,7 @@
/ r, # isolate_prefork(), isolation.c mount options=(rw, runbindable) /, + mount "" -> "/", mount "" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/", umount "/", diff --git a/contrib/apparmor/abstractions/pasta b/contrib/apparmor/abstractions/pasta index a890391..e10d2a7 100644 --- a/contrib/apparmor/abstractions/pasta +++ b/contrib/apparmor/abstractions/pasta @@ -27,7 +27,7 @@ @{PROC}/@{pid}/net/udp r, @{PROC}/@{pid}/net/udp6 r,
- @{run}/user/@{uid}/netns/* r, # pasta_open_ns(), pasta.c + @{run}/user/@{uid}/** r, # pasta_open_ns(), pasta.c
@{PROC}/[0-9]*/ns/net r, # pasta_wait_for_ns(), @{PROC}/[0-9]*/ns/user r, # conf_pasta_ns() -- You are receiving this mail because: You are on the CC list for the bug.
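Review bot: In contrib/apparmor/abstractions/passt, the added `mount "" -> "/",` rule has no `options=(...)` restriction and no comment of its own, unlike the `mount options=(rw, runbindable) /,` line directly above it. As written it is not clear which mount() call under isolate_prefork() needs it or why the existing rule does not already cover that call. Please add a short comment naming the call, and if the flags that call uses are fixed, pin them with `options=(...)` so the rule allows only that one remount of "/".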
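Review bot: In contrib/apparmor/abstractions/pasta, replacing `@{run}/user/@{uid}/netns/* r,` with `@{run}/user/@{uid}/** r,` widens read access from the netns entries to every file at any depth under the user's runtime directory, while the trailing comment still says the rule exists only for pasta_open_ns(). That is a much larger grant than opening a namespace file requires. Consider keeping the original `netns/*` line and adding a second, equally narrow rule for the specific directory where the failing namespace path lives, with a comment saying which caller (Podman, per the bug title) puts it there.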