From 2a437685fc880f519d81a75724644c3fb5eea97f Mon Sep 17 00:00:00 2001
From: "Sqx. Flann van der Eik" <182124780+fl4nn@users.noreply.github.com>
Date: Wed, 16 Oct 2024 14:34:08 +0200
Subject: [PATCH] [docs/bugfix] Fix access to /dev and /tmp in AppArmor profile (#3444)
---
 example/apparmor/gotosocial | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/example/apparmor/gotosocial b/example/apparmor/gotosocial
index a36c83cc7..44192428c 100644
--- a/example/apparmor/gotosocial
+++ b/example/apparmor/gotosocial
@@ -24,12 +24,12 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 # Embedded ffmpeg needs read
 # permission on /dev/urandom.
- owner /dev/ r,
- owner /dev/urandom r,
+ /dev/ r,
+ /dev/urandom r,
 # Temp dir access is needed for storing
 # files briefly during media processing.
- owner /tmp/ r,
+ /tmp/ r,
 owner /tmp/* rwk,
 # If running with GTS_WAZERO_COMPILATION_CACHE set,
@@ -39,7 +39,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 # If you've enabled logging to syslog, allow GoToSocial
 # to write logs by uncommenting the following line:
- # owner /var/log/syslog w,
+ # /var/log/syslog w,
 # These directories are not currently used by any of
 # the recommended GoToSocial installation methods, but
@@ -65,6 +65,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 /etc/services r,
 /proc/sys/net/core/somaxconn r,
 /sys/fs/cgroup/system.slice/gotosocial.service/{,*} r,
+ /sys/kernel/mm/hugepages/ r,
 /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 owner /proc/*/cgroup r,
 owner /proc/*/cpuset r,
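Review bot: In the `@@ -24,12` hunk, the new unqualified `/tmp/ r,` lets the confined process list every entry name in the shared /tmp, and the comments above the rules do not say why `owner` was dropped. Assuming the service runs as a non-root user, an `owner`-qualified rule on these root-owned paths would never match, which is worth recording so nobody re-adds the qualifier: `# No "owner" on /dev/, /dev/urandom and /tmp/: they are root-owned, so an owner rule never matches the service user.` File access itself stays scoped by the unchanged `owner /tmp/* rwk,`. Deployments that want to narrow the directory listing could give the service a private temp directory, for example systemd's `PrivateTmp=`. The profile block starts and ends outside this hunk.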
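Review bot: In the `@@ -39,7` hunk, the commented-out `# /var/log/syslog w,` grants full write once uncommented, which would let the confined process overwrite or truncate existing log entries as well as add new ones. If GoToSocial only appends to that file (not confirmable from this hunk), AppArmor's append permission is the tighter grant: `# /var/log/syslog a,`. That keeps earlier log lines intact even if the service is compromised.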
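Review bot: The added `/sys/kernel/mm/hugepages/ r,` in the `@@ -65,6` hunk is not covered by the commit subject and carries no comment, so a later audit cannot tell which component needs the directory listing or when the rule can be removed. A one-line comment above it naming the consumer would keep the profile reviewable, e.g. `# Read by <component, fill in> alongside transparent_hugepage/hpage_pmd_size below.` The rule is read-only on a sysfs directory, so the exposure is small.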