SuperSeriousBusiness
/
GoToSocial
mirror of https://github.com/superseriousbusiness/gotosocial
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

[bugfix/docs] AppArmor profile for SQLite (#1864) 

Our default configuration places the SQLite DB in /gotosocial/, but the
AppArmor profile doesn't allow us to write there. Instead of making the
whole directory writable, add a writable area in /gotosocial/db/ instead
and advise in the docs to move the DB there.
This commit is contained in:
Daenney 2023-06-04 18:55:57 +02:00 committed by GitHub
parent 97bc2e713a
commit 45773a0bf4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/installation_guide/advanced.md
View File

@ -256,6 +256,9 @@ line under `[Service]`:
AppArmorProfile=gotosocial AppArmorProfile=gotosocial
``` ```
If you're using SQLite, the AppArmor profile expects the database in
`/gotosocial/db/` so you'll need to adjust your configuration paths accordingly.
For other deployment methods (e.g. a managed Kubernetes cluster), you should For other deployment methods (e.g. a managed Kubernetes cluster), you should
review your platform's documentation for how to deploy an application with an review your platform's documentation for how to deploy an application with an
AppArmor profile. AppArmor profile.

1
example/apparmor/gotosocial
View File

@ -9,6 +9,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
/usr/local/bin/gotosocial mrix, /usr/local/bin/gotosocial mrix,
owner /gotosocial/{,**} r, owner /gotosocial/{,**} r,
owner /gotosocial/db/* wk,
owner /gotosocial/storage/** wk, owner /gotosocial/storage/** wk,
# Allow GoToSocial to write logs # Allow GoToSocial to write logs