From 413720069ef1e899b0c0641e9aa3ff8ef3ac4d70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franc=CC=A7ois=20Bonelle?= <francois.bonelle@gmail.com>
Date: Fri, 25 Aug 2023 12:32:23 +0200
Subject: [PATCH] fix

---
 promtail/apparmor.txt | 41 +++++++++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/promtail/apparmor.txt b/promtail/apparmor.txt
index 481e503..86d0c7d 100644
--- a/promtail/apparmor.txt
+++ b/promtail/apparmor.txt
@@ -24,26 +24,35 @@ profile hassio_promtail flags=(attach_disconnected,mediate_deleted) {
   network udp,
 
   # S6-Overlay
-  /init rix,
-  /bin/** rix,
-  /usr/bin/** rix,
-  /run/{s6,s6-rc*,service}/** rix,
-  /package/** rix,
-  /command/** rix,
-  /etc/** rwix,
-  /etc/services.d/** rwix,
-  /etc/cont-init.d/** rwix,
-  /etc/cont-finish.d/** rwix,
-  /run/{,**} rwk,
-  /dev/tty rw,
-  /dev/null k,
-  /usr/share/zoneinfo/{,**} r,
+  /init                                   rix,
+  /bin/**                                 rix,
+  /usr/bin/**                             rix,
+  @{do_etc}/s6*/**                        r,
+  @{do_etc}/fix-attrs.d/{,**}             r,
+  @{do_etc}/cont-{init,finish}.d/{,**}    rwix,
+  @{do_etc}/services.d/{,**}              rwix,
+  @{do_run}/{s6,s6-rc*,service}/**        rix,
+  /command/**                             rix,
+  /package/**                             rix,
+  @{do_run}/{,**}                         rwk,
+  /dev/tty                                rw,
+  @{do_usr}/lib/locale/{,**}              r,
+  @{do_etc}/ssl/openssl.cnf               r,
+  @{do_etc}/{group,hosts,passwd}          r,
+  @{do_etc}/{host,nsswitch,resolv}.conf   r,
+  /dev/null                               k,
+
+  # https://github.com/hassio-addons/addon-debian-base/blob/main/base/rootfs/etc/cont-init.d/02-set-timezone.sh
+  # Wants to link /etc/localtime but apparmor sees a random hash so * it is.
+  @{do_etc}/*                             rw,
+  @{do_usr}/share/zoneinfo/{,**}          r,
 
   # Bashio
-  /usr/lib/bashio/** rix,
-  /tmp/** rwk,
+  /usr/lib/bashio/**                      ix,
+  /tmp/**                                 rw,
 
   # Options.json & addon data
+  /data                                   r,
   /data/**                                rw,
 
   # Files needed for setup