[bugfix/docs] AppArmor profile for SQLite (#1864)
Our default configuration places the SQLite DB in /gotosocial/, but the AppArmor profile doesn't allow us to write there. Instead of making the whole directory writable, add a writable area in /gotosocial/db/ instead and advise in the docs to move the DB there.
This commit is contained in:
parent
97bc2e713a
commit
45773a0bf4
|
@ -256,6 +256,9 @@ line under `[Service]`:
|
||||||
AppArmorProfile=gotosocial
|
AppArmorProfile=gotosocial
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you're using SQLite, the AppArmor profile expects the database in
|
||||||
|
`/gotosocial/db/` so you'll need to adjust your configuration paths accordingly.
|
||||||
|
|
||||||
For other deployment methods (e.g. a managed Kubernetes cluster), you should
|
For other deployment methods (e.g. a managed Kubernetes cluster), you should
|
||||||
review your platform's documentation for how to deploy an application with an
|
review your platform's documentation for how to deploy an application with an
|
||||||
AppArmor profile.
|
AppArmor profile.
|
||||||
|
|
|
@ -9,6 +9,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
|
||||||
/usr/local/bin/gotosocial mrix,
|
/usr/local/bin/gotosocial mrix,
|
||||||
|
|
||||||
owner /gotosocial/{,**} r,
|
owner /gotosocial/{,**} r,
|
||||||
|
owner /gotosocial/db/* wk,
|
||||||
owner /gotosocial/storage/** wk,
|
owner /gotosocial/storage/** wk,
|
||||||
|
|
||||||
# Allow GoToSocial to write logs
|
# Allow GoToSocial to write logs
|
||||||
|
|
Loading…
Reference in New Issue