#include # Systemd Journal location @{journald}=/{run,var}/log/journal/{,**} profile hassio_promtail flags=(attach_disconnected,mediate_deleted) { #include # Capabilities file, signal (send) set=(kill,term,int,hup,cont), # Network access network tcp, network udp, # S6-Overlay /init ix, /bin/** ix, /usr/bin/** ix, /run/{s6,s6-rc*,service}/** ix, /package/** ix, /command/** ix, /etc/services.d/** rwix, /etc/cont-init.d/** rwix, /etc/cont-finish.d/** rwix, /run/{,**} rwk, /dev/tty rw, # Bashio /usr/lib/bashio/** ix, /tmp/** rwk, # Access to options.json and other files within your addon /data/** rw, # Files needed for setup @{do_etc}/promtail/{,**} rw, /config/promtail/{,**} r, /{share,ssl}/{,**} r, @{journald} r, # Start new profile for service /usr/bin/promtail cx -> promtail_profile, profile promtail_profile flags=(attach_disconnected,mediate_deleted) { include # Receive signals from s6 signal (receive) peer=*_promtail, # Network access network tcp, network udp, network netlink raw, network unix dgram, # Temp files /tmp/.positions.yaml* rw, # Addon data /data/** r, /data/promtail/** rwk, # Config & log data @{do_etc}/promtail/* rw, /config/promtail/{,**} r, /{share,ssl}/** r, @{journald} r, # Runtime usage /usr/bin/promtail rm, /usr/bin/yq rm, @{do_etc}/{hosts,passwd} r, @{do_etc}/{resolv,nsswitch}.conf r, @{PROC}/sys/net/core/somaxconn r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, /dev/null k, @{do_etc}/ssl/certs/** r, } }