These assume that distributions with AppArmor support will install pasta and pasta.avx2 as hard links, and I prepared matching changes for the Debian package. This particular aspect is distribution-specific, so I'm not changing the symlink install from the Makefile anyway.

Stefano Brivio (5):
  apparmor: Use abstractions/nameservice to deal with symlinked resolv.conf
  apparmor: Explicitly pass options we use while remounting root filesystem
  apparmor: Allow read-only access to uid_map
  apparmor: Allow pasta to remount /proc, access entries under its own copy
  apparmor: Add pasta's own profile

 contrib/apparmor/abstractions/passt |  7 ++++---
 contrib/apparmor/abstractions/pasta |  9 +++++++++
 contrib/apparmor/usr.bin.passt      | 12 ++----------
 contrib/apparmor/usr.bin.pasta      | 27 +++++++++++++++++++++++++++
 4 files changed, 42 insertions(+), 13 deletions(-)
 create mode 100644 contrib/apparmor/usr.bin.pasta

--
2.39.2