Add /tmp access to promtail apparmor profile

[pdecat]

Proposed Changes

Resolve apparmor="DENIED" messages for the promtail process in system logs

Related Issues

Fixes #199

[pdecat]

The changes from this PR can be applied manually to the /usr/share/hassio/apparmor/39bd2704_promtail file locally then made effective by reloading the AppArmor profile:

sudo apparmor_parser -r /usr/share/hassio/apparmor/39bd2704_promtail

[danielgoepp]

I run HAOS, so I don't believe I have access to use this work around. Is there some way to implement this on HAOS?

[pdecat]

I run HAOS, so I don't believe I have access to use this work around. Is there some way to implement this on HAOS?

You should be able to SSH into HAOS using the instructions from https://developers.home-assistant.io/docs/operating-system/debugging/#ssh-access-to-the-host

[pdecat]

Hi @mdegat01, would you mind having a look at this PR?

[danielgoepp]

It won't affect you @pdecat of course, but in case anyone else finds this thread and is having this problem with the latest HAOS version, there are a couple things to note. My file was actually in a different path:

/mnt/data/supervisor/apparmor/39bd2704_promtail

Noting that it goes in the profile promtail section, not that first section. I was tripped up by not paying attention for a minute.

and then of course the command to reload changes too:

apparmor_parser -r /mnt/data/supervisor/apparmor/39bd2704_promtail

Also note that Supervisor access in the UI is no longer there. You can get to it by rewriting the URL to /hassio/system, but that's not really how you should now. You should get to the console and do 'ha os import' however I didn't seem to even need to do that. I just put an authorized_keys file on a USB names 'CONFIG' and it let me in without importing anything. I think the import is only needed if you want it to persist on reboot, which I don't necessarily.

[danielgoepp]

@pdecat are we the only two people that use this add-on? ;) Or has nobody else even noticed this is broken?

[geekifier]

@pdecat are we the only two people that use this add-on? ;) Or has nobody else even noticed this is broken?

There are dozens of us! Dozens!

In all seriousness, one nice thing of installing a log aggregation add-on, is that you can see those failures in the logs :).

[github-actions[bot]]

There hasn't been any activity on this pull request recently. This pull request has been automatically marked as stale because of that and will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[pdecat]

Still current.

[danielgoepp]

Still current.

Do we fork this and resubmit as a new add on? ;)

[pdecat]

Thanks @mdegat01!

[danielgoepp]

Thanks @mdegat01!