francois.bonelle/hassio-repo
1
0
Fork 0
Code Pull Requests Actions Activity

fix

Browse Source
This commit is contained in:
François Bonelle
2023-08-25 04:01:10 +02:00
parent 38e420ff8e
commit e3622523f0
1 changed files with 29 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
promtail/apparmor.txt
View File

@@ -43,39 +43,39 @@ profile hassio_promtail flags=(attach_disconnected,mediate_deleted) {
# Start new profile for service # Start new profile for service
/usr/bin/promtail cx -> promtail_profile, /usr/bin/promtail cx -> promtail_profile,
profile promtail_profile flags=(attach_disconnected,mediate_deleted) { profile promtail_profile flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base> include <abstractions/base>
# Receive signals from s6 # Receive signals from s6
signal (receive) peer=*_promtail, signal (receive) peer=*_promtail,
# Network access # Network access
network tcp, network tcp,
network udp, network udp,
network netlink raw, network netlink raw,
network unix dgram, network unix dgram,
# Temp files # Temp files
/tmp/.positions.yaml* rw, /tmp/.positions.yaml* rw,
# Addon data # Addon data
/data/** r, /data/** r,
/data/promtail/** rwk, /data/promtail/** rwk,
# Config & log data # Config & log data
@{do_etc}/promtail/* rw, @{do_etc}/promtail/* rw,
/config/promtail/{,**} r, /config/promtail/{,**} r,
/{share,ssl}/** r, /{share,ssl}/** r,
@{journald} r, @{journald} r,
# Runtime usage # Runtime usage
/usr/bin/promtail rm, /usr/bin/promtail rm,
/usr/bin/yq rm, /usr/bin/yq rm,
@{do_etc}/{hosts,passwd} r, @{do_etc}/{hosts,passwd} r,
@{do_etc}/{resolv,nsswitch}.conf r, @{do_etc}/{resolv,nsswitch}.conf r,
@{PROC}/sys/net/core/somaxconn r, @{PROC}/sys/net/core/somaxconn r,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
/dev/null k, /dev/null k,
@{do_etc}/ssl/certs/** r, @{do_etc}/ssl/certs/** r,
} }
} }