Profile for ipfs

Seems to work but will probably need some testing. IPFS uses a ridiculous amount of CPU, so not sure if it has anything to do with the profile. Also, I get lots of errors about "not able to reserve inbound connections," but I don't think that has anything to do with apparmor as other people on the internets have mentioned having the same problem. Link to that issue > http://4hpfzoj3tgyp2w7sbe3gnmphqiqpxwwyijyvotamrvojl7pkra7z7byd.onion/2022/12/ipfs-error-resource-limits-were-exceeded/
2023-02-05 01:47:01 +00:00 · 2023-02-05 01:47:01 +00:00 · 308b248ec6
commit 308b248ec6
parent 1ff3636fb5
1 changed files with 26 additions and 0 deletions
--- a/26
+++ b/26
@ -0,0 +1,26 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+# vim:syntax=apparmor
+# AppArmor policy for ipfs
+# Copyright (C) 2023 Andy Ramos
+# SPDX-License-Identifier: GPL-3.0-only
+
+profile ipfs /usr/local/bin/ipfs {
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/ssl_certs>
+
+  /dev/tty r,
+  /etc/mime.types r,
+  @{PROC}/sys/kernel/hostname r,
+  @{PROC}/sys/net/core/somaxconn r,
+  @{run}/systemd/resolve/stub-resolv.conf r,
+  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+  owner /usr/local/bin/ipfs mr,
+  owner @{HOME}/.ipfs/{,**} rwk,
+  /srv/repos/{,**} r,
+  /srv/torrent/{,**} r,
+  /usr/share/mime/globs2 r,
+}