[docs/bugfix] Fix access to /dev and /tmp in AppArmor profile (#3444)

This commit is contained in:
Sqx. Flann van der Eik 2024-10-16 14:34:08 +02:00 committed by GitHub
parent a48cce82b9
commit 2a437685fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -24,12 +24,12 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
# Embedded ffmpeg needs read
# permission on /dev/urandom.
owner /dev/ r,
owner /dev/urandom r,
/dev/ r,
/dev/urandom r,
# Temp dir access is needed for storing
# files briefly during media processing.
owner /tmp/ r,
/tmp/ r,
owner /tmp/* rwk,
# If running with GTS_WAZERO_COMPILATION_CACHE set,
@ -39,7 +39,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
# If you've enabled logging to syslog, allow GoToSocial
# to write logs by uncommenting the following line:
# owner /var/log/syslog w,
# /var/log/syslog w,
# These directories are not currently used by any of
# the recommended GoToSocial installation methods, but
@ -65,6 +65,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
/etc/services r,
/proc/sys/net/core/somaxconn r,
/sys/fs/cgroup/system.slice/gotosocial.service/{,*} r,
/sys/kernel/mm/hugepages/ r,
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
owner /proc/*/cgroup r,
owner /proc/*/cpuset r,