apparmor: allow read access on /tmp for pasta

The podman CI on debian runs tests based on /tmp but pasta is failing
there because it is unable to open the netns path as the open for read
access is denied.

Link: https://github.com/containers/podman/issues/22625
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Paul Holzinger 2024-05-08 18:13:16 +02:00 committed by Stefano Brivio
parent 7e6a606c32
commit 72884484b0

@ -19,9 +19,10 @@ profile pasta /usr/bin/pasta{,.avx2} flags=(attach_disconnected) {
include <abstractions/pasta>
# Alternatively: include <abstractions/user-tmp>
owner /tmp/** w, # tap_sock_unix_init(), pcap(),
owner /tmp/** rw, # tap_sock_unix_init(), pcap(),
# write_pidfile(),
# logfile_init()
# logfile_init(),
# pasta_open_ns()
owner @{HOME}/** w, # pcap(), write_pidfile()
}
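
Review bot: `owner /tmp/** rw` grants read on every file the user owns anywhere under /tmp, while the commit message only calls for opening the netns path for reading in pasta_open_ns(). If the netns paths sit in a predictable location, a separate, narrower read rule for that location would keep the rest of /tmp write-only. Otherwise, the trailing comment should say that the `r` exists only for pasta_open_ns(), since the other listed functions (tap_sock_unix_init(), pcap(), write_pidfile(), logfile_init()) were served by `w` alone before this change. The `owner @{HOME}/** w` rule is left as it was, so a netns path under the home directory would still be denied on open for read; it is worth confirming whether that case needs the same treatment.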