From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from jemma.woof94.com (jemma.woof94.com [IPv6:2404:9400:3:0:216:3eff:fee0:fa86])
	by passt.top (Postfix) with ESMTPS id CA4CF5A004E
	for <passt-user@passt.top>; Fri, 07 Jun 2024 12:45:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=moffatt.email; s=woof2014; h=Content-Transfer-Encoding:Content-Type:Subject
	:From:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=V7yeA0N3ph0c5b+u+Gu1jsnMck9AZm/ub9aqqUq42so=; b=nKYNa+5/qlpB2NBEfItTjML9p/
	iQytl8S+n7VECqYLfxyZHvN99Jwahl+1NHQ7PRmPoLz7NeWbg8xH9N/ngOiHs4FG4P/89izrrBP8H
	R+zkPTQ65SZkC75IFx5BiP4hhECn41oySCEL95v5DTvUD933WzjS8xb/1KmUwfNpS4N8=;
Received: from [2403:5811:8c5e:42:a29:408:b1fd:102a]
	by jemma.woof94.com with esmtpsa  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <hamish-passt@moffatt.email>)
	id 1sFX6J-008m0b-9C
	for passt-user@passt.top; Fri, 07 Jun 2024 20:45:41 +1000
Message-ID: <8cf17fe5-ae9f-4228-8970-ada3a88128be@moffatt.email>
Date: Fri, 7 Jun 2024 20:45:39 +1000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: passt-user@passt.top
Content-Language: en-US
From: hamish-passt@moffatt.email
Subject: apparmor blocks passt running podman
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-MailFrom: hamish-passt@moffatt.email
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation
Message-ID-Hash: FPHZQOBIMTRIZGFFZM7NXEF4EA53RUZ3
X-Message-ID-Hash: FPHZQOBIMTRIZGFFZM7NXEF4EA53RUZ3
X-Mailman-Approved-At: Fri, 07 Jun 2024 20:01:05 +0200
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: "For passt users: support, questions and answers" <passt-user.passt.top>
Archived-At: <https://archives.passt.top/passt-user/8cf17fe5-ae9f-4228-8970-ada3a88128be@moffatt.email/>
Archived-At: <https://passt.top/hyperkitty/list/passt-user@passt.top/message/FPHZQOBIMTRIZGFFZM7NXEF4EA53RUZ3/>
List-Archive: <https://archives.passt.top/passt-user/>
List-Archive: <https://passt.top/hyperkitty/list/passt-user@passt.top/>
List-Help: <mailto:passt-user-request@passt.top?subject=help>
List-Owner: <mailto:passt-user-owner@passt.top>
List-Post: <mailto:passt-user@passt.top>
List-Subscribe: <mailto:passt-user-join@passt.top>
List-Unsubscribe: <mailto:passt-user-leave@passt.top>

Hi,

I have podman 5.1.0 and passt 0.0+20240523.765eb0bf running on Debian 
bookworm (via unofficial packages).

When I try to run podman using passt for networking, it is blocked by 
apparmor (3.0.8).

audit: type=1400 audit(1717756950.285:65): apparmor="DENIED" 
operation="open" profile="passt" 
name="/run/user/1000/netns/netns-cad489f7-d3c4-7730-9d15-17ae8e172da4" 
pid=246135 comm="passt.avx2" requested_mask="r" denied_mask="r" 
fsuid=1000 ouid=0

I'm not familiar with apparmor so I don't know how to debug this. The 
installed apparmor profile files match the ones in the pasta git. Can 
you help?

thanks,

Hamish