# SPDX-License-Identifier: GPL-2.0-or-later # # PASST - Plug A Simple Socket Transport # for qemu/UNIX domain socket mode # # PASTA - Pack A Subtle Tap Abstraction # for network namespace/tap device mode # # contrib/apparmor/abstractions/passt - Abstraction for passt(1) # # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio abi , include include # get_dns(), conf.c capability net_bind_service, # isolation.c, conf.c capability setuid, capability setgid, capability sys_admin, capability setpcap, capability net_admin, capability sys_ptrace, / r, # isolate_prefork(), isolation.c mount options=(rw, runbindable) -> /, mount "" -> "/", mount "" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/", umount "/", owner @{PROC}/@{pid}/uid_map r, # conf_ugid() @{PROC}/sys/net/ipv4/ip_local_port_range r, # fwd_probe_ephemeral() network netlink raw, # nl_sock_init_do(), netlink.c network inet stream, # tcp.c network inet6 stream, network inet dgram, # udp.c network inet6 dgram, network unix stream, # tap.c network unix dgram, # __openlog(), log.c /usr/bin/passt.avx2 ix, # arch_avx2_exec(), arch.c