
Commit 189c1b9

committed
Update version files
1 parent 9666ee1 commit 189c1b9


7 files changed

+499
-0
lines changed


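--- a/apparmor.txt
+++ b/apparmor.txt
@@ -0,0 +1,88 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/python>
+
+network,
+deny network raw,
+
+signal (send) set=(kill,term,int,hup,cont),
+
+capability net_admin,
+capability net_bind_service,
+capability dac_read_search,
+capability dac_override,
+capability chown,
+
+/bin/** ix,
+/usr/bin/** ix,
+/bin/udevadm Ux,
+/sbin/udevd Ux,
+/usr/local/bin/python* ix,
+/usr/bin/git cx,
+/usr/bin/gdbus cx,
+/usr/lib/bashio/** ix,
+/etc/s6/** ix,
+/run/{s6,s6-rc*,service}/** ix,
+/package/** ix,
+/command/** ix,
+/etc/services.d/** rwix,
+/etc/cont-init.d/** rwix,
+/etc/cont-finish.d/** rwix,
+
+deny /proc/** wl,
+deny /sys/** wl,
+
+/ r,
+/** r,
+/tmp/** rwk,
+/data/** rw,
+/run/{,**} rwk,
+/dev/tty rw,
+/root/.cas/{,**} rwk,
+/etc/resolv.conf rw,
+/run/docker.sock rw,
+
+/usr/local/lib/** mr,
+
+profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/dbus>
+
+signal (receive) set=(int),
+unix (send, receive) type=stream,
+
+capability sys_nice,
+
+/** r,
+/lib/* mr,
+/usr/bin/gdbus mr,
+/usr/local/lib/** mr,
+
+/run/dbus/system_bus_socket rw,
+}
+
+profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+
+network,
+deny network raw,
+
+signal (receive) set=(term),
+
+/bin/busybox ix,
+/usr/bin/git mrix,
+/usr/libexec/git-core/* ix,
+
+deny /data/homeassistant rw,
+deny /data/ssl rw,
+
+/** r,
+/lib/* mr,
+/data/addons/** lrw,
+/usr/local/lib/** mr,
+
+capability dac_override,
+}
+}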
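Review bot: In the nested `/usr/bin/git` profile, `deny /data/homeassistant rw,` and `deny /data/ssl rw,` (new lines 78-79) name only the bare path, so they cover neither the directory entry (which needs a trailing slash) nor anything beneath it, and the `/** r,` two lines later still lets git read every file under both trees. If the intent is to keep the configuration and TLS material out of git's reach, the rules should read `deny /data/homeassistant/{,**} rw,` and `deny /data/ssl/{,**} rw,`, matching the `{,**}` form already used for `/run/{,**} rwk,`. The same two lines appear unchanged in apparmor_beta.txt, apparmor_dev.txt and apparmor_stable.txt.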

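--- a/apparmor_beta.txt
+++ b/apparmor_beta.txt
@@ -0,0 +1,88 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/python>
+
+network,
+deny network raw,
+
+signal (send) set=(kill,term,int,hup,cont),
+
+capability net_admin,
+capability net_bind_service,
+capability dac_read_search,
+capability dac_override,
+capability chown,
+
+/bin/** ix,
+/usr/bin/** ix,
+/bin/udevadm Ux,
+/sbin/udevd Ux,
+/usr/local/bin/python* ix,
+/usr/bin/git cx,
+/usr/bin/gdbus cx,
+/usr/lib/bashio/** ix,
+/etc/s6/** ix,
+/run/{s6,s6-rc*,service}/** ix,
+/package/** ix,
+/command/** ix,
+/etc/services.d/** rwix,
+/etc/cont-init.d/** rwix,
+/etc/cont-finish.d/** rwix,
+
+deny /proc/** wl,
+deny /sys/** wl,
+
+/ r,
+/** r,
+/tmp/** rwk,
+/data/** rw,
+/run/{,**} rwk,
+/dev/tty rw,
+/root/.cas/{,**} rwk,
+/etc/resolv.conf rw,
+/run/docker.sock rw,
+
+/usr/local/lib/** mr,
+
+profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/dbus>
+
+signal (receive) set=(int),
+unix (send, receive) type=stream,
+
+capability sys_nice,
+
+/** r,
+/lib/* mr,
+/usr/bin/gdbus mr,
+/usr/local/lib/** mr,
+
+/run/dbus/system_bus_socket rw,
+}
+
+profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+
+network,
+deny network raw,
+
+signal (receive) set=(term),
+
+/bin/busybox ix,
+/usr/bin/git mrix,
+/usr/libexec/git-core/* ix,
+
+deny /data/homeassistant rw,
+deny /data/ssl rw,
+
+/** r,
+/lib/* mr,
+/data/addons/** lrw,
+/usr/local/lib/** mr,
+
+capability dac_override,
+}
+}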
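Review bot: The `/run/docker.sock rw,` grant at new line 45 carries no comment, yet it is the rule that decides how much the rest of this profile actually contains. Together with `/bin/** ix,` and `/usr/bin/** ix,`, every inherited helper runs with the same socket access, so `deny /proc/** wl,` and `deny /sys/** wl,` limit only direct file access and not what can be requested through the Docker API. I would add a comment above it such as `# Docker API access is required by the supervisor; this profile does not confine actions taken via the daemon`, and a similar one above the two `Ux` rules for udevadm and udevd saying why they leave confinement. The other three profile files in this commit carry the same lines.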

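--- a/apparmor_dev.txt
+++ b/apparmor_dev.txt
@@ -0,0 +1,88 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/python>
+
+network,
+deny network raw,
+
+signal (send) set=(kill,term,int,hup,cont),
+
+capability net_admin,
+capability net_bind_service,
+capability dac_read_search,
+capability dac_override,
+capability chown,
+
+/bin/** ix,
+/usr/bin/** ix,
+/bin/udevadm Ux,
+/sbin/udevd Ux,
+/usr/local/bin/python* ix,
+/usr/bin/git cx,
+/usr/bin/gdbus cx,
+/usr/lib/bashio/** ix,
+/etc/s6/** ix,
+/run/{s6,s6-rc*,service}/** ix,
+/package/** ix,
+/command/** ix,
+/etc/services.d/** rwix,
+/etc/cont-init.d/** rwix,
+/etc/cont-finish.d/** rwix,
+
+deny /proc/** wl,
+deny /sys/** wl,
+
+/ r,
+/** r,
+/tmp/** rwk,
+/data/** rw,
+/run/{,**} rwk,
+/dev/tty rw,
+/root/.cas/{,**} rwk,
+/etc/resolv.conf rw,
+/run/docker.sock rw,
+
+/usr/local/lib/** mr,
+
+profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/dbus>
+
+signal (receive) set=(int),
+unix (send, receive) type=stream,
+
+capability sys_nice,
+
+/** r,
+/lib/* mr,
+/usr/bin/gdbus mr,
+/usr/local/lib/** mr,
+
+/run/dbus/system_bus_socket rw,
+}
+
+profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+
+network,
+deny network raw,
+
+signal (receive) set=(term),
+
+/bin/busybox ix,
+/usr/bin/git mrix,
+/usr/libexec/git-core/* ix,
+
+deny /data/homeassistant rw,
+deny /data/ssl rw,
+
+/** r,
+/lib/* mr,
+/data/addons/** lrw,
+/usr/local/lib/** mr,
+
+capability dac_override,
+}
+}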

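--- a/apparmor_stable.txt
+++ b/apparmor_stable.txt
@@ -0,0 +1,88 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/python>
+
+network,
+deny network raw,
+
+signal (send) set=(kill,term,int,hup,cont),
+
+capability net_admin,
+capability net_bind_service,
+capability dac_read_search,
+capability dac_override,
+capability chown,
+
+/bin/** ix,
+/usr/bin/** ix,
+/bin/udevadm Ux,
+/sbin/udevd Ux,
+/usr/local/bin/python* ix,
+/usr/bin/git cx,
+/usr/bin/gdbus cx,
+/usr/lib/bashio/** ix,
+/etc/s6/** ix,
+/run/{s6,s6-rc*,service}/** ix,
+/package/** ix,
+/command/** ix,
+/etc/services.d/** rwix,
+/etc/cont-init.d/** rwix,
+/etc/cont-finish.d/** rwix,
+
+deny /proc/** wl,
+deny /sys/** wl,
+
+/ r,
+/** r,
+/tmp/** rwk,
+/data/** rw,
+/run/{,**} rwk,
+/dev/tty rw,
+/root/.cas/{,**} rwk,
+/etc/resolv.conf rw,
+/run/docker.sock rw,
+
+/usr/local/lib/** mr,
+
+profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+#include <abstractions/dbus>
+
+signal (receive) set=(int),
+unix (send, receive) type=stream,
+
+capability sys_nice,
+
+/** r,
+/lib/* mr,
+/usr/bin/gdbus mr,
+/usr/local/lib/** mr,
+
+/run/dbus/system_bus_socket rw,
+}
+
+profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+#include <abstractions/base>
+
+network,
+deny network raw,
+
+signal (receive) set=(term),
+
+/bin/busybox ix,
+/usr/bin/git mrix,
+/usr/libexec/git-core/* ix,
+
+deny /data/homeassistant rw,
+deny /data/ssl rw,
+
+/** r,
+/lib/* mr,
+/data/addons/** lrw,
+/usr/local/lib/** mr,
+
+capability dac_override,
+}
+}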
