# SPDX-License-Identifier: AGPL-3.0-or-later # # PASST - Plug A Simple Socket Transport # for qemu/UNIX domain socket mode # # PASTA - Pack A Subtle Tap Abstraction # for network namespace/tap device mode # # contrib/apparmor/abstractions/passt - Abstraction for passt(1) # # Copyright (c) 2022 Red Hat GmbH # Author: Stefano Brivio abi , include # Alternatively: include @{etc_ro}/resolv.conf r, # get_dns(), conf.c capability net_bind_service, # isolation.c, conf.c capability setuid, capability setgid, capability sys_admin, capability setpcap, capability net_admin, capability sys_ptrace, / r, # isolate_prefork(), isolation.c mount "" -> "/", mount "" -> "/tmp/", pivot_root "/tmp/" -> "/tmp/", umount "/", network netlink raw, # nl_sock_init_do(), netlink.c network inet stream, # tcp.c network inet6 stream, network inet dgram, # udp.c network inet6 dgram, network unix stream, # tap.c network unix dgram, # __openlog(), log.c /usr/bin/passt.avx2 ix, # arch_avx2_exec(), arch.c