apparmor: Allow read access to /proc/sys/net/ipv4/ip_local_port_range
...for both passt and pasta: use passt's abstraction for this.
Fixes: eedc81b6ef
("fwd, conf: Probe host's ephemeral ports")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
116bc8266d
commit
6b38f07239
1 changed files with 2 additions and 0 deletions
|
@ -34,6 +34,8 @@
|
|||
|
||||
owner @{PROC}/@{pid}/uid_map r, # conf_ugid()
|
||||
|
||||
@{PROC}/sys/net/ipv4/ip_local_port_range r, # fwd_probe_ephemeral()
|
||||
|
||||
network netlink raw, # nl_sock_init_do(), netlink.c
|
||||
|
||||
network inet stream, # tcp.c
|
||||
|
|
Loading…
Reference in a new issue