Adding upstream version 1.34.4.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-24 07:26:29 +02:00 · 2025-05-24 07:26:29 +02:00 · 4978089aab
commit 4978089aab
parent e393c3af3f
4963 changed files with 677545 additions and 0 deletions
--- a/docs/APPARMOR.md
+++ b/docs/APPARMOR.md
@ -0,0 +1,26 @@
+# AppArmor
+
+When running Telegraf under AppArmor users may see denial messages depending on
+the Telegraf plugins used and the AppArmor profile applied. Telegraf does not
+have control over the AppArmor profiles used. If users wish to address denials,
+then they must understand the collections made by their choice of Telegraf
+plugins, the denial messages, and the impact of changes to their AppArmor
+profiles.
+
+## Example Denial
+
+For example, users might see denial messages such as:
+
+```s
+type=AVC msg=audit(1588901740.036:2457789): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=9030 comm="telegraf" requested_mask="read" denied_mask="read" peer="unconfined"
+```
+
+In this case, Telegraf will also need the ability to ptrace(read). User's will
+first need to analyze the denial message for the operation and requested mask.
+Then consider if the required changes make sense. There may be additional
+denials even after initial changes.
+
+For more details around AppArmor settings and configuration, users can check out
+the `man 5 apparmor.d` man page on their system or the [AppArmor wiki][wiki].
+
+[wiki]: https://gitlab.com/apparmor/apparmor/-/wikis/home