Commit graph

58 commits

Author SHA1 Message Date
Stefano Brivio
bdcfe4749e contrib: podman: Add bound address configuration, update port specifications
Rebase the patch for Podman on top of current upstream, and:

- add support for configuration of specific addresses for forwarded
  ports

- by default, disable port forwarding, and reflect this in the man
  page changes

- adjust processing to a new, incompatible format for port storage,
  which I couldn't actually track down to a specific commit, but
  that resulted in https://github.com/containers/podman/issues/13643
  and commit eedaaf33cdbf ("fix slirp4netns port forwarding with
  ranges")

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-05-02 21:46:13 +02:00
Stefano Brivio
bc925b1da4 contrib: Add example of Debian package files
...using dh_apparmor to ship and apply AppArmor profiles. Tried on
current Debian testing (Bookworm, 12).

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 05:52:39 +02:00
Stefano Brivio
81c2461408 contrib: Add example spec file for Fedora
...with SELinux package, too. Tested on Fedora 35, but it should
work on pretty much any version.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 05:52:39 +02:00
Stefano Brivio
1f4b7fa0d7 passt, pasta: Add examples of SELinux policy modules
These should cover any reasonably common use case in distributions.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
e9d573b14f passt, pasta: Add examples of AppArmor policies
These should cover any reasonably common use case in distributions.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
e17731ba97 contrib: Add patch for Podman integration
The patch introduces a "pasta" networking mode for rootless
container, similar to the existing slirp4netns mode. Notable
differences are described in the commit message.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
20d271b226 contrib: Introduce PoC for Kata Containers with user-mode networking
passt can be used to implement user-mode networking for the Kata
Containers runtime, so that networking setup doesn't need elevated
privileges or capabilities.

This commit adds the patch for Kata Containers runtime and agent
to support passt as networking model and endpoint, and some basic
documentation.

See contrib/kata-containers/README.md for more details and setup
steps.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-28 18:51:50 +01:00
Stefano Brivio
27050b094f libvirt, qemu: Move patches to new directory, contrib
I'm about to add a new adaptation carrying out-of-tree patches
for a Kata Containers PoC -- move the existing out-of-tree patches
to their own directory to keep things easy to find in the main one.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-28 18:51:50 +01:00