Hello!
Reepca Russelstein <[email protected]> skribis:
> That section is nested inside an 'if (useChroot) { ... }', which should
> be false in the case of builtins. I suspect it's the native-inputs
> mentioned that are failing to build - that is, it's "vendor" whose build
> is failing to start, not "wire" directly. "vendor" uses a special
> origin method, which is why the non-builtin fixed-output machinery kicks
> in.
Right.
> I assume that "r" is "read" and "w" is "write", so having done no
> research on this, maybe something like:
>
> owner @{PROC}/@{pid}/net/if_inet6 r,
>
> could get us past this issue? In general though, it looks like the
> apparmor profile might not have been designed with slirp4netns in mind
> (perhaps it predates it?) - here are some filenames that I don't see
> mentioned in it:
>
> /dev/net/tun
> /proc/sys/net/ipv6/conf/tap0/accept_dad
> /proc/sys/net/ipv6/conf/tap0/accept_ra
> /proc/sys/net/ipv4/conf/all/route_localnet
> /proc/self/mountinfo
> /proc/self/net/if_inet6
Yes, looks like this should work.
Tomas, could you try to amend the AppArmor profile as suggested and
report back?
Thanks for the quick reply, Reepca!
Ludo’.
