commit 45773a0bf441b6e8a9aa4f5abdef16a7085677e6
parent 97bc2e713a6e5b2c25869b93f5232560d7110170
Author: Daenney <daenney@users.noreply.github.com>
Date: Sun, 4 Jun 2023 18:55:57 +0200
[bugfix/docs] AppArmor profile for SQLite (#1864)
Our default configuration places the SQLite DB in /gotosocial/, but the
AppArmor profile doesn't allow us to write there. Instead of making the
whole directory writable, add a writable area in /gotosocial/db/ instead
and advise in the docs to move the DB there.
Diffstat:
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/docs/installation_guide/advanced.md b/docs/installation_guide/advanced.md
@@ -256,6 +256,9 @@ line under `[Service]`:
AppArmorProfile=gotosocial
```
+If you're using SQLite, the AppArmor profile expects the database in
+`/gotosocial/db/` so you'll need to adjust your configuration paths accordingly.
+
For other deployment methods (e.g. a managed Kubernetes cluster), you should
review your platform's documentation for how to deploy an application with an
AppArmor profile.
diff --git a/example/apparmor/gotosocial b/example/apparmor/gotosocial
@@ -9,6 +9,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
/usr/local/bin/gotosocial mrix,
owner /gotosocial/{,**} r,
+ owner /gotosocial/db/* wk,
owner /gotosocial/storage/** wk,
# Allow GoToSocial to write logs
