author | 2024-10-16 14:34:08 +0200 | |
---|---|---|
committer | 2024-10-16 14:34:08 +0200 | |
commit | 2a437685fc880f519d81a75724644c3fb5eea97f (patch) | |
tree | ea07e6353ed200131bd807b295f107a572f3bcc9 /example/apparmor | |
parent | [chore] Upgrade golangci-lint, ignore existing int overflow warnings (#3420) (diff) | |
download | gotosocial-2a437685fc880f519d81a75724644c3fb5eea97f.tar.xz |
[docs/bugfix] Fix access to /dev and /tmp in AppArmor profile (#3444)
Diffstat (limited to 'example/apparmor')
-rw-r--r-- | example/apparmor/gotosocial | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/example/apparmor/gotosocial b/example/apparmor/gotosocial
index a36c83cc7..44192428c 100644
--- a/example/apparmor/gotosocial
+++ b/example/apparmor/gotosocial
@@ -24,12 +24,12 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 # Embedded ffmpeg needs read
 # permission on /dev/urandom.
- owner /dev/ r,
- owner /dev/urandom r,
+ /dev/ r,
+ /dev/urandom r,
 # Temp dir access is needed for storing
 # files briefly during media processing.
- owner /tmp/ r,
+ /tmp/ r,
 owner /tmp/* rwk,
 # If running with GTS_WAZERO_COMPILATION_CACHE set,
@@ -39,7 +39,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 # If you've enabled logging to syslog, allow GoToSocial
 # to write logs by uncommenting the following line:
- # owner /var/log/syslog w,
+ # /var/log/syslog w,
 # These directories are not currently used by any of
 # the recommended GoToSocial installation methods, but
@@ -65,6 +65,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 /etc/services r,
 /proc/sys/net/core/somaxconn r,
 /sys/fs/cgroup/system.slice/gotosocial.service/{,*} r,
+ /sys/kernel/mm/hugepages/ r,
 /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 owner /proc/*/cgroup r,
 owner /proc/*/cpuset r, |
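Review bot: Nothing in the first hunk records why `owner` was dropped from the `/dev/`, `/dev/urandom` and `/tmp/` rules, and the comment above them still mentions only /dev/urandom, so the `/dev/ r,` directory listing is unexplained. A comment such as `# No "owner" on these: /dev and /tmp belong to root, so an owner-qualified rule never matches for the service user.` would stop a later reader from "tightening" the rules back into the broken form. Note also that `/tmp/ r,` now lets the process list every name in a shared /tmp, while file contents stay limited by the unchanged `owner /tmp/* rwk,`. If the service can be given a private temporary directory, that listing exposes nothing belonging to other users. The profile body starts and continues outside the hunk.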
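Review bot: The suggested syslog rule in the second hunk grants `w` on the log file itself, and without `owner` it applies whoever owns the file. An admin who uncomments it lets a compromised process truncate or rewrite existing log entries wherever the file permissions allow it. If GoToSocial really writes the file directly, append-only access is the narrower grant: `# /var/log/syslog a,`. If it logs through a syslog socket instead (not visible in this hunk), the commented rule should name that socket rather than the log file.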
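Review bot: The added `/sys/kernel/mm/hugepages/ r,` rule in the third hunk has no comment saying which component reads it, and the commit title names only /dev and /tmp. The rule permits only listing that directory, so the exposure is small, but an allowance with no stated reason is hard to audit or remove later. A line above it such as `# <component> lists this directory to detect huge page sizes (confirm).` would cover it, with the placeholder filled in by whoever saw the denial in the audit log.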