mirror of
1
Fork 0

[bugfix/docs] AppArmor profile for SQLite (#1864)

Our default configuration places the SQLite DB in /gotosocial/, but the
AppArmor profile doesn't allow us to write there. Instead of making the
whole directory writable, add a writable area in /gotosocial/db/ instead
and advise in the docs to move the DB there.
This commit is contained in:
Daenney 2023-06-04 18:55:57 +02:00 committed by tsmethurst
parent c4905ef728
commit d9d0c66899
2 changed files with 4 additions and 0 deletions

View File

@ -256,6 +256,9 @@ line under `[Service]`:
AppArmorProfile=gotosocial
```
If you're using SQLite, the AppArmor profile expects the database in
`/gotosocial/db/` so you'll need to adjust your configuration paths accordingly.
For other deployment methods (e.g. a managed Kubernetes cluster), you should
review your platform's documentation for how to deploy an application with an
AppArmor profile.

View File

@ -9,6 +9,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
/usr/local/bin/gotosocial mrix,
owner /gotosocial/{,**} r,
owner /gotosocial/db/* wk,
owner /gotosocial/storage/** wk,
# Allow GoToSocial to write logs