Plug A Simple Socket Transport
https://passt.top/passt/about/
passt implements a translation layer between a Layer-2 network interface and
native Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't
require any capabilities or privileges, and it can be used as a simple
replacement for Slirp.
- Devel package for openSUSE:Factory
-
4
derived packages
- Links to openSUSE:Factory / passt
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout Virtualization:containers/passt && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| _service | 0000000450 450 Bytes | |
| _servicedata | 0000000221 221 Bytes | |
| passt-0~git20230823.tar.xz | 0000184864 181 KB | |
| passt.changes | 0000049070 47.9 KB | |
| passt.spec | 0000004670 4.56 KB |
Revision 2 (latest revision is 19)
Dario Faggioli (dfaggioli)
accepted
request 1107867
from
Frederic Crozat (fcrozat)
(revision 2)
- Update to version 0~git20230823: * pasta: Strip RTA_PREFSRC when copying routes to the namespace * netlink: Set IFA_ADDRESS, not just IFA_LOCAL, while adding IPv4 addresses * tcp: Remove broken pressure calculations for tcp_defer_handler() * inany: Add missing double include guard to inany.h * tcp: Move in_epoll flag out of common connection structure * tcp, udp: Don't pre-fill IPv4 destination address in headers * tcp, udp: Don't include destination address in partially precomputed csums * tcp: Consistent usage of ports in tcp_seq_init() * tcp: More precise terms for addresses and ports * tap: Pass source address to protocol handler functions * tap: Don't clobber source address in tap6_handler() * selinux: Fix domain transitions for typical commands pasta might run * selinux: Allow pasta_t to read nsfs entries * selinux: Add rules for sysctl and /proc/net accesses * selinux: Update policy to fix user/group settings * selinux: Fix user namespace creation after breaking kernel change * selinux: Use explicit paths for binaries in file context * fedora: Install pasta as hard link to ensure SELinux file context match * tap: Fix format specifier in tap4_is_fragment() warning * netlink: Don't propagate host address expiry to the container * netlink: Correctly calculate attribute length for address messages * netlink: Remove redundant check on nlmsg_type * conf: Demote overlapping port ranges error to a warning * epoll: Use different epoll types for passt and pasta tap fds * epoll: Split listening Unix domain socket into its own type * epoll: Split handling of listening TCP sockets into their own handler * epoll: Split handling of TCP timerfds into its own handler function * epoll: Tiny cleanup to udp_sock_handler() * epoll: Split handling of ICMP and ICMPv6 sockets
Comments 6
The currently packaged version of pasta does not seem to work at all (MicroOS). Only ping does work in a pasta netns but curl does not and neither do port forwards with podman.
This does work on Fedora and Arch Linux.
For me
pastagives error messages:Are there any permissions I have to set?
If I understand the spec file correctly, it fails to install the install the apparmor rules for pasta alongside the passt rules:
%if %{with apparmor} pushd contrib/apparmor mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d/abstractions install -m 0644 usr.bin.passt %{buildroot}%{_sysconfdir}/apparmor.d/ install -m 0644 abstractions/{passt,pasta} %{buildroot}%{_sysconfdir}/apparmor.d/abstractions popd %endifIsn't there a line missing like
install -m 0644 usr.bin.pasta %{buildroot}%{_sysconfdir}/apparmor.d/?
The fixes discussed in boo#1221840 have been merged, can you now try to see if you're still facing the issue?
Probably related to boo#1221840
We should change the .spec file to hardlink pasta to passt, as per https://bugzilla.suse.com/show_bug.cgi?id=1221840#c28