Rebase the patch for Podman on top of current upstream, and:
- add support for configuration of specific addresses for forwarded
ports
- by default, disable port forwarding, and reflect this in the man
page changes
- adjust processing to a new, incompatible format for port storage,
which I couldn't actually track down to a specific commit, but
that resulted in https://github.com/containers/podman/issues/13643
and commit eedaaf33cdbf ("fix slirp4netns port forwarding with
ranges")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
...using dh_apparmor to ship and apply AppArmor profiles. Tried on
current Debian testing (Bookworm, 12).
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
The patch introduces a "pasta" networking mode for rootless
container, similar to the existing slirp4netns mode. Notable
differences are described in the commit message.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
passt can be used to implement user-mode networking for the Kata
Containers runtime, so that networking setup doesn't need elevated
privileges or capabilities.
This commit adds the patch for Kata Containers runtime and agent
to support passt as networking model and endpoint, and some basic
documentation.
See contrib/kata-containers/README.md for more details and setup
steps.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
I'm about to add a new adaptation carrying out-of-tree patches
for a Kata Containers PoC -- move the existing out-of-tree patches
to their own directory to keep things easy to find in the main one.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>