From d41ba993dd36547bf0e8fc019516ce8d7cf6fa9e Mon Sep 17 00:00:00 2001
From: Mike Degatano <michael.degatano@gmail.com>
Date: Wed, 6 Jul 2022 18:02:43 -0400
Subject: [PATCH 1/2] Fix aa permission on fix-attrs.d

---
 promtail/apparmor.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/promtail/apparmor.txt b/promtail/apparmor.txt
index 7c50fa4..907b332 100644
--- a/promtail/apparmor.txt
+++ b/promtail/apparmor.txt
@@ -28,6 +28,7 @@ profile promtail flags=(attach_disconnected,mediate_deleted) {
   /bin/**                                 rix,
   /usr/bin/**                             rix,
   @{do_etc}/s6/**                         rix,
+  @{do_etc}/fix-attrs.d/{,*}              rw,
   @{do_etc}/services.d/{,**}              rwix,
   @{do_etc}/cont-{init,finish}.d/{,**}    rwix,
   @{do_run}/{s6,s6-rc*,service}/**        rwix,

From 70400b9471b824a77ccddc7a94f05ded68dca284 Mon Sep 17 00:00:00 2001
From: Mike Degatano <michael.degatano@gmail.com>
Date: Wed, 6 Jul 2022 18:03:48 -0400
Subject: [PATCH 2/2] Just read access

---
 promtail/apparmor.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/promtail/apparmor.txt b/promtail/apparmor.txt
index 907b332..a1fdee0 100644
--- a/promtail/apparmor.txt
+++ b/promtail/apparmor.txt
@@ -28,7 +28,7 @@ profile promtail flags=(attach_disconnected,mediate_deleted) {
   /bin/**                                 rix,
   /usr/bin/**                             rix,
   @{do_etc}/s6/**                         rix,
-  @{do_etc}/fix-attrs.d/{,*}              rw,
+  @{do_etc}/fix-attrs.d/{,*}              r,
   @{do_etc}/services.d/{,**}              rwix,
   @{do_etc}/cont-{init,finish}.d/{,**}    rwix,
   @{do_run}/{s6,s6-rc*,service}/**        rwix,