From 7491bc40963b6b60e9740401291660aafbfb6208 Mon Sep 17 00:00:00 2001
From: Stasiek Michalski
Date: Feb 18 2020 19:34:32 +0000
Subject: Fix the conflicts
---
diff --git a/pillar/role/matrix.sls b/pillar/role/matrix.sls
index 75f6025..fca5a3d 100644
--- a/pillar/role/matrix.sls
+++ b/pillar/role/matrix.sls
@@ -17,9 +17,14 @@ sudoers:
 matrix-admins:
 - 'ALL=(ALL) ALL'
+apparmor:
+ profiles:
+ matrix-synapse:
+ source: salt://profile/matrix/files/matrix-synapse.apparmor
+
 zypper:
 repositories:
 openSUSE:infrastructure:matrix:
 baseurl: http://download.infra.opensuse.org/repositories/openSUSE:/infrastructure:/matrix/openSUSE_Leap_$releasever/
 priority: 100
- refresh: True
\ No newline at end of file
+ refresh: True
diff --git a/salt/profile/matrix/files/matrix-synapse.apparmor b/salt/profile/matrix/files/matrix-synapse.apparmor
new file mode 100644
index 0000000..66ea768
--- /dev/null
+++ b/salt/profile/matrix/files/matrix-synapse.apparmor
@@ -0,0 +1,32 @@
+profile matrix-synapse {
+ include
+ include
+ include
+ include
+
+ network inet stream,
+ network inet6 stream,
+
+ /etc/gai.conf r,
+ /etc/host.conf r,
+ /etc/hosts r,
+ /etc/mime.types r,
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
+ /etc/resolv.conf r,
+
+ owner @{PROC}/@{pid}/{fd/,limits,mounts,stat} r,
+
+ /etc/matrix-synapse/** r,
+ owner /var/lib/matrix-synapse/ r,
+ owner /var/{lib,log}/matrix-synapse/** rw,
+
+ /usr/bin/bash Cx -> bash,
+
+ profile bash {
+ include
+
+ /usr/bin/bash r,
+ /usr/bin/uname PUx,
+ }
+}
diff --git a/salt/profile/matrix/files/synapse.service b/salt/profile/matrix/files/synapse.service
index 6a1358b..6b4ecca 100644
--- a/salt/profile/matrix/files/synapse.service
+++ b/salt/profile/matrix/files/synapse.service
@@ -6,6 +6,7 @@
 Type=simple
 Restart=on-failure
 RestartSec=3
+AppArmorProfile=matrix-synapse
 User=synapse
 Group=synapse
 WorkingDirectory=/var/lib/matrix-synapse/
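Review bot: In matrix-synapse.apparmor the nested `bash` profile executes uname with `PUx`, which falls back to unconfined execution whenever no separate profile for uname is loaded, so that helper leaves the confinement the rest of the profile builds up. Unless a dedicated uname profile is shipped elsewhere (none is visible in this diff), `/usr/bin/uname ix,` would keep it inside the child profile. The `/usr/bin/bash Cx -> bash,` rule also has no comment; a line such as `# TODO: document which code path shells out to uname` above it would let later reviewers judge whether the shell transition is still needed.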
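Review bot: `AppArmorProfile=matrix-synapse` in synapse.service makes the unit fail to start when the profile is not already loaded in the kernel, and nothing in the visible hunk orders the service after profile loading. Adding `After=apparmor.service` to the [Unit] section, which lies outside this hunk, and a Salt requisite from the service state on the profile state would avoid a start failure on first deployment or early boot. Keeping the value without a leading `-` is the right choice, since that prefix would let the service start unconfined when the profile is missing.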