From 959cf57a469a67c7256cddadd1d76cdcf8e73531 Mon Sep 17 00:00:00 2001
From: JP Scott <tenseconddelay@gmail.com>
Date: Sun, 1 Mar 2026 14:45:35 -0700
Subject: [PATCH] Add apparmor:unconfined to all services for Proxmox LXC
 compatibility

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docker-compose.prod.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index fcd42b2..22e2b26 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -2,6 +2,8 @@ services:
   db:
     image: postgres:16-alpine
     restart: unless-stopped
+    security_opt:
+      - apparmor:unconfined
     environment:
       POSTGRES_USER: ${POSTGRES_USER:?Set POSTGRES_USER in .env.production}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env.production}
@@ -17,6 +19,8 @@ services:
   minio:
     image: minio/minio:latest
     restart: unless-stopped
+    security_opt:
+      - apparmor:unconfined
     environment:
       MINIO_ROOT_USER: ${MINIO_ACCESS_KEY:?Set MINIO_ACCESS_KEY in .env.production}
       MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY:?Set MINIO_SECRET_KEY in .env.production}
@@ -31,6 +35,8 @@ services:
 
   minio-init:
     image: minio/mc:latest
+    security_opt:
+      - apparmor:unconfined
     depends_on:
       minio:
         condition: service_healthy
@@ -47,6 +53,8 @@ services:
 
   migrate:
     image: node:20-alpine
+    security_opt:
+      - apparmor:unconfined
     depends_on:
       db:
         condition: service_healthy
@@ -65,6 +73,8 @@ services:
   app:
     image: jpscott84/drinktracker:latest
     restart: unless-stopped
+    security_opt:
+      - apparmor:unconfined
     ports:
       - "3000:3000"
     depends_on: