Overview

Plug A Simple Socket Transport

Edit Package passt
https://passt.top/passt/about/

passt implements a translation layer between a Layer-2 network interface and
native Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't
require any capabilities or privileges, and it can be used as a simple
replacement for Slirp.

  • Devel package for openSUSE:Factory
  • 3 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout Virtualization:containers/passt && cd $_
  • Create Badge
Refresh
Source Files
Filename Size Changed
_service 0000000497 497 Bytes
_servicedata 0000000221 221 Bytes
passt-20250611.0293c6f.tar.zst 0000286541 280 KB
passt.changes 0000104196 102 KB
passt.spec 0000007627 7.45 KB
Comments 6
lukas12342's avatar
lukas12342 -

The currently packaged version of pasta does not seem to work at all (MicroOS). Only ping does work in a pasta netns but curl does not and neither do port forwards with podman.

This does work on Fedora and Arch Linux.

Berthold Höllmann's avatar
Berthold Höllmann (bhoel) -

For me pasta gives error messages:

> pasta
Could not open /proc/self/uid_map: Permission denied
Couldn't configure user mappings
Couldn't mount /proc: Permission denied
Failed to join network namespace: Permission denied
Could not open /proc/sys/net/ipv4/ping_group_range: Permission denied
Cannot set ping_group_range, ICMP requests might fail

Are there any permissions I have to set?

> rpm -qi passt
Name        : passt
Version     : 20240220.1e6f92b
Release     : 1.2
Architecture: x86_64
Install Date: Sa 06 Apr 2024 21:14:43 CEST
Group       : System/Daemons
Size        : 438994
License     : GPL-2.0-or-later AND BSD-3-Clause
Signature   : RSA/SHA512, Fr 29 Mär 2024 18:45:11 CET, Key ID 35a2f86e29b700a4
Source RPM  : passt-20240220.1e6f92b-1.2.src.rpm
Build Date  : Do 14 Mär 2024 10:40:51 CET
Build Host  : reproducible
Packager    : https://bugs.opensuse.org
Vendor      : openSUSE
URL         : https://passt.top/
Summary     : User-mode networking daemons for virtual machines and namespaces
Description :
passt implements a translation layer between a Layer-2 network interface and
native Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't
require any capabilities or privileges, and it can be used as a simple
replacement for Slirp.

pasta (same binary as passt, different command) offers equivalent functionality,
for network namespaces: traffic is forwarded using a tap interface inside the
namespace, without the need to create further interfaces on the host, hence not
requiring any capabilities or privileges.
Distribution: openSUSE Tumbleweed
Berthold Höllmann's avatar
Berthold Höllmann (bhoel) -

If I understand the spec file correctly, it fails to install the install the apparmor rules for pasta alongside the passt rules:

%if %{with apparmor}
pushd contrib/apparmor
mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d/abstractions
install -m 0644 usr.bin.passt %{buildroot}%{_sysconfdir}/apparmor.d/
install -m 0644 abstractions/{passt,pasta} %{buildroot}%{_sysconfdir}/apparmor.d/abstractions
popd
%endif

Isn't there a line missing like 

install -m 0644 usr.bin.pasta %{buildroot}%{_sysconfdir}/apparmor.d/

?

Danish Prakash's avatar
Danish Prakash (danishprakash) -

The fixes discussed in boo#1221840 have been merged, can you now try to see if you're still facing the issue?

Eyad Issa's avatar
Eyad Issa (VaiTon) -

Probably related to boo#1221840

Eyad Issa's avatar
Eyad Issa (VaiTon) -

We should change the .spec file to hardlink pasta to passt, as per https://bugzilla.suse.com/show_bug.cgi?id=1221840#c28

openSUSE Build Service is sponsored by
Places