From 88efb0d92a195ab0785c19185ccedbf5865d4f5d Mon Sep 17 00:00:00 2001
From: Laszlo Magyar
Date: Fri, 24 Jan 2025 23:46:05 +0100
Subject: [PATCH] fine tune apparmor

---
 tailscale/apparmor.txt | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/tailscale/apparmor.txt b/tailscale/apparmor.txt
index 2922121b..73e6fedd 100644
--- a/tailscale/apparmor.txt
+++ b/tailscale/apparmor.txt
@@ -27,12 +27,21 @@ profile tailscale flags=(attach_disconnected,mediate_deleted) {
  # Access to options.json and other files within your addon
  /data/** rw,

- # Mount
- network,
- capability,
+ # General - based on complain
+ capability net_bind_service,
+ capability dac_override,
+ capability fsetid,
  capability setgid,
  capability setuid,
  capability chown,
- capability net_bind_service,
- mount,
+ capability kill,
+
+ # General - based on Config.yaml
+ capability net_admin,
+ capability net_raw,
+
+ # Mount for MagicDNS fix
+ capability sys_admin,
+ mount options=(rw, rprivate) -> /, # unshare -m
+ mount options=(rw, bind) /etc/resolv.for-tailscaled.conf -> /etc/resolv.conf, # mount --bind
 }
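Review bot: The new rule set drops the blanket `network,` line without adding any `network` rule in its place, and `capability net_admin` / `capability net_raw` do not by themselves authorise socket creation on kernels where AppArmor mediates networking. Unless a network rule sits elsewhere in the profile (its body starts before this hunk) or arrives through an include, I would keep explicit rules here, for example `network inet,`, `network inet6,` and `network netlink raw,`, trimmed to what the complain-mode log actually shows. Separately, `capability sys_admin` is by far the broadest entry left after the tightening; the two scoped `mount options=(...)` rules constrain the mount side well, but a comment such as `# sys_admin is needed only for unshare -m and the resolv.conf bind mount` would stop later changes from leaning on it. `capability dac_override` deserves the same one-line justification, since it bypasses file permission checks and is often avoidable by fixing file ownership instead.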