From 308b248ec6bc23d13452aa5452c1fba69cf67e5d Mon Sep 17 00:00:00 2001
From: mapwood <124312432+mapwood@users.noreply.github.com>
Date: Sun, 5 Feb 2023 01:47:01 +0000
Subject: [PATCH] Profile for ipfs Seems to work but will probably need some testing. IPFS uses a ridiculous amount of CPU, so not sure if it has anything to do with the profile. Also, I get lots of errors about "not able to reserve inbound connections," but I don't think that has anything to do with apparmor as other people on the internets have mentioned having the same problem. Link to that issue > http://4hpfzoj3tgyp2w7sbe3gnmphqiqpxwwyijyvotamrvojl7pkra7z7byd.onion/2022/12/ipfs-error-resource-limits-were-exceeded/
---
ipfs-contrib | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 ipfs-contrib
diff --git a/ipfs-contrib b/ipfs-contrib
new file mode 100644
index 000000000..7af43359d
--- /dev/null
+++ b/ipfs-contrib
@@ -0,0 +1,26 @@
+abi ,
+
+include
+
+# vim:syntax=apparmor
+# AppArmor policy for ipfs
+# Copyright (C) 2023 Andy Ramos
+# SPDX-License-Identifier: GPL-3.0-only
+
+profile ipfs /usr/local/bin/ipfs {
+ include
+ include
+ include
+
+ /dev/tty r,
+ /etc/mime.types r,
+ @{PROC}/sys/kernel/hostname r,
+ @{PROC}/sys/net/core/somaxconn r,
+ @{run}/systemd/resolve/stub-resolv.conf r,
+ @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+ owner /usr/local/bin/ipfs mr,
+ owner @{HOME}/.ipfs/{,**} rwk,
+ /srv/repos/{,**} r,
+ /srv/torrent/{,**} r,
+ /usr/share/mime/globs2 r,
+}
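Review bot: The two rules `/srv/repos/{,**} r,` and `/srv/torrent/{,**} r,` give the daemon recursive read access to trees that look specific to the author's host, and whatever ipfs can read it can presumably also add to its store and serve to peers. For a profile meant to be shared, I would drop both from the base policy and let each site grant its own content directories through a local override, e.g. `include if exists <local/ipfs>` just before the closing brace, with a comment saying what belongs there. Unlike the `@{HOME}/.ipfs/` rule, these two carry no `owner` qualifier, so they also cover files owned by other users under those trees. The targets of the `abi` and `include` lines are not visible on this page, so which abstractions (and hence which network or name-service permissions) the profile pulls in could not be checked here.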