From 45773a0bf441b6e8a9aa4f5abdef16a7085677e6 Mon Sep 17 00:00:00 2001 From: Daenney Date: Sun, 4 Jun 2023 18:55:57 +0200 Subject: [PATCH] [bugfix/docs] AppArmor profile for SQLite (#1864) Our default configuration places the SQLite DB in /gotosocial/, but the AppArmor profile doesn't allow us to write there. Instead of making the whole directory writable, add a writable area in /gotosocial/db/ instead and advise in the docs to move the DB there. --- docs/installation_guide/advanced.md | 3 +++ example/apparmor/gotosocial | 1 + 2 files changed, 4 insertions(+) diff --git a/docs/installation_guide/advanced.md b/docs/installation_guide/advanced.md index 677ea47bc..ecd73fdbe 100644 --- a/docs/installation_guide/advanced.md +++ b/docs/installation_guide/advanced.md @@ -256,6 +256,9 @@ line under `[Service]`: AppArmorProfile=gotosocial ``` +If you're using SQLite, the AppArmor profile expects the database in +`/gotosocial/db/` so you'll need to adjust your configuration paths accordingly. + For other deployment methods (e.g. a managed Kubernetes cluster), you should review your platform's documentation for how to deploy an application with an AppArmor profile. diff --git a/example/apparmor/gotosocial b/example/apparmor/gotosocial index 341bfd205..40686194d 100644 --- a/example/apparmor/gotosocial +++ b/example/apparmor/gotosocial @@ -9,6 +9,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) { /usr/local/bin/gotosocial mrix, owner /gotosocial/{,**} r, + owner /gotosocial/db/* wk, owner /gotosocial/storage/** wk, # Allow GoToSocial to write logs
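Review bot: in the paragraph added to docs/installation_guide/advanced.md, "adjust your configuration paths accordingly" does not say which setting to change or what to do with a database that already exists in `/gotosocial/`. Name the configuration key that holds the SQLite path, show an example value under `/gotosocial/db/`, and say that an existing database file has to be moved there while the service is stopped. Because the matching profile rule is `owner`-qualified, it is also worth stating that the directory and the database file must be owned by the user the service runs as.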
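Review bot: in the example/apparmor/gotosocial hunk, the new `owner /gotosocial/db/* wk,` rule grants write access to files directly inside the directory but not to `/gotosocial/db/` itself, and the line above gives only `r` on `/gotosocial/{,**}`, so a confined process cannot create the directory. Either have the docs say the directory must be created before first start, or add a rule for the directory path. The single `*` is narrower than the `**` on the storage line, which suits a database file and the journal or WAL files SQLite places beside it. A short comment above the rule saying so, in the style of the "# Allow GoToSocial to write logs" comment below, would keep a later edit from widening it to `**` by analogy.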