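# AppArmor policy for the hassio_promtail container: one parent profile for the
# s6-overlay/bashio init scripts, plus child profiles for promtail and yq.
#
# NOTE(review): every include target was missing from this copy of the file.
# <tunables/global> is assumed here because @{PROC} and @{sys} are used below
# without being defined in this file. Confirm against the upstream profile.
include <tunables/global>

# Docker overlay
# Each @{do_*} variable expands to the path as seen inside the container and to
# the same path under the Docker overlay2 diff directories.
@{docker_root}=/docker/ /var/lib/docker/
@{fs_root}=/ @{docker_root}/overlay2/*/diff/
@{do_etc}=@{fs_root}/etc/
@{do_opt}=@{fs_root}/opt/
@{do_run}=@{fs_root}/{run,var/run}/
@{do_usr}=@{fs_root}/usr/
@{do_var}=@{fs_root}/var/

# Systemd Journal location
@{journald}=/{run,var}/log/journal/{,**}

profile hassio_promtail flags=(attach_disconnected,mediate_deleted) {
  # NOTE(review): include targets lost in this copy; <abstractions/base> and
  # <abstractions/bash> are assumed (the profile runs bashio scripts). Confirm.
  include <abstractions/base>
  include <abstractions/bash>

  # Send signals to child services
  signal (send) peer=@{profile_name}//*,

  # Network access
  network tcp,
  network udp,

  # S6-Overlay
  /init rix,
  /bin/** rix,
  # The exact-path exec rules under "Programs" take priority over this glob.
  /usr/bin/** rix,
  /run/{s6,s6-rc*,service}/** rix,
  /package/** rix,
  /command/** rix,
  # NOTE(review): this grants write AND inherit-execute on everything under
  # /etc, so any file the init scripts can write there can also be executed in
  # this profile. The three narrower rules that follow are already covered by
  # it. If only the s6 service directories need to be executable, dropping "x"
  # (or the whole rule) here would restore a write-xor-execute split.
  /etc/** rwix,
  /etc/services.d/** rwix,
  /etc/cont-init.d/** rwix,
  /etc/cont-finish.d/** rwix,
  /run/{,**} rwk,
  /dev/tty rw,
  /dev/null k,
  /usr/share/zoneinfo/{,**} r,

  # Bashio
  /usr/lib/bashio/** rix,
  /tmp/** rwk,

  # Options.json & addon data
  /data/** rw,

  # Files needed for setup
  @{do_etc}/promtail/{,**} rw,
  /config/promtail/{,**} r,
  # Read-only. Presumably /ssl holds TLS certificates and keys: verify that
  # nothing in this profile needs more than the specific files promtail uses.
  /{share,ssl}/{,**} r,
  @{journald} r,

  # Programs
  # "cx" (lowercase) switches to the child profile without scrubbing the
  # environment; "Cx" (uppercase) scrubs it.
  # NOTE(review): prefer "Cx" for promtail too unless it relies on variables
  # inherited from the init scripts.
  /usr/bin/promtail cx -> promtail,
  /usr/bin/yq Cx,

  profile promtail flags=(attach_disconnected,mediate_deleted) {
    # NOTE(review): include target lost in this copy; <abstractions/base>
    # assumed. Confirm.
    include <abstractions/base>

    # Receive signals from s6
    signal (receive) peer=*_promtail,

    # Network access
    network tcp,
    network udp,
    network netlink raw,
    network unix dgram,

    # Temp files
    /tmp/.positions.yaml* rw,

    # Addon data
    # Read-only everywhere under /data except promtail's own directory.
    /data/** r,
    /data/promtail/** rwk,

    # Config & log data
    # The rendered config is read-only here; only the parent and yq may write it.
    @{do_etc}/promtail/config.yaml r,
    /config/promtail/{,**} r,
    /{share,ssl}/** r,
    @{journald} r,

    # Runtime usage
    /usr/bin/promtail rm,
    @{do_etc}/{hosts,passwd} r,
    @{do_etc}/{resolv,nsswitch}.conf r,
    @{PROC}/sys/net/core/somaxconn r,
    @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
    /dev/null k,
    @{do_etc}/ssl/certs/** r,
  }

  profile /usr/bin/yq flags=(attach_disconnected,mediate_deleted) {
    # NOTE(review): include target lost in this copy; <abstractions/base>
    # assumed. Confirm.
    include <abstractions/base>

    # Config files
    # No network rules in this child: yq only rewrites promtail's config files.
    @{do_etc}/promtail/* rw,
    /config/promtail/{,**} r,
    /share/** r,

    # Runtime usage
    /usr/bin/yq rm,
    @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
    /dev/null k,
  }
}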