Profile for ipfs
Seems to work but will probably need some testing. IPFS uses a ridiculous amount of CPU, so not sure if it has anything to do with the profile. Also, I get lots of errors about "not able to reserve inbound connections," but I don't think that has anything to do with apparmor as other people on the internets have mentioned having the same problem. Link to that issue > http://4hpfzoj3tgyp2w7sbe3gnmphqiqpxwwyijyvotamrvojl7pkra7z7byd.onion/2022/12/ipfs-error-resource-limits-were-exceeded/
This commit is contained in:
mapwood
GitHub
parent
1ff3636fb5
commit
308b248ec6
1 changed files with 26 additions and 0 deletions
26
ipfs-contrib
Normal file
26
ipfs-contrib
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
||||||
|
# AppArmor policy for ipfs
|
||||||
|
# Copyright (C) 2023 Andy Ramos
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-only
|
||||||
|
|
||||||
|
profile ipfs /usr/local/bin/ipfs {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/nameservice>
|
||||||
|
include <abstractions/ssl_certs>
|
||||||
|
|
||||||
|
/dev/tty r,
|
||||||
|
/etc/mime.types r,
|
||||||
|
@{PROC}/sys/kernel/hostname r,
|
||||||
|
@{PROC}/sys/net/core/somaxconn r,
|
||||||
|
@{run}/systemd/resolve/stub-resolv.conf r,
|
||||||
|
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
|
||||||
|
owner /usr/local/bin/ipfs mr,
|
||||||
|
owner @{HOME}/.ipfs/{,**} rwk,
|
||||||
|
/srv/repos/{,**} r,
|
||||||
|
/srv/torrent/{,**} r,
|
||||||
|
/usr/share/mime/globs2 r,
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue