Commit Graph

5 Commits

Author SHA1 Message Date
Sqx. Flann van der Eik 2a437685fc
[docs/bugfix] Fix access to /dev and /tmp in AppArmor profile (#3444) 2024-10-16 14:34:08 +02:00
tobi 7978d88a01
[chore] Update apparmor example file (#3368) 2024-09-28 16:58:39 +02:00
tux93 d8956d710e
[docs/bugfix] Allow access to TMP directories in example AppArmor config (#2683)
* Remove trailing whitespace from example config

* Update and extend example AppArmor profile
2024-02-24 09:44:53 +01:00
Daenney 45773a0bf4
[bugfix/docs] AppArmor profile for SQLite (#1864)
Our default configuration places the SQLite DB in /gotosocial/, but the
AppArmor profile doesn't allow us to write there. Instead of making the
whole directory writable, add a writable area in /gotosocial/db/ instead
and advise in the docs to move the DB there.
2023-06-04 18:55:57 +02:00
kernelmethod 1652633d93
[docs] Add AppArmor profile for Debian and Ubuntu installations (#1183)
* Enable the 'admonitions' Markdown extension for Mkdocs.

The admonitions extension to Python-Markdown allows you to include
rST-style "admonitions" to Markdown documents, for instance,

    !!! note
        Here's an important note to keep in mind!

In general, the current documentation uses bold text to try to achieve
the same effect, which is a bit harder to notice and makes it difficult
to differentiate between "here's something useful to know" versus "here
there be dragons".

* Add AppArmor profile and documentation for LSM-related sandboxing

This commit adds an AppArmor profile for gotosocial in
examples/apparmor/gotosocial. This will (hopefully) serve as a helpful
security mitigation for people are planning on deploying GTS on a
Debian-family Linux distribution.

I've also updates the documentation to include some information about
deploying GTS with either AppArmor or SELinux (moving the documentation
for the former out of the "binary installation guide" docs).
2022-11-30 23:09:26 +01:00