add other shit

Rippanda12 · Rippanda12 · commit 25b23c2c7fcd · 2025-03-03T20:50:52.000+02:00
diff --git a/apparmor.txt b/apparmor.txt
@@ -0,0 +1,88 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/python>
+
+  network,
+  deny network raw,
+
+  signal (send) set=(kill,term,int,hup,cont),
+
+  capability net_admin,
+  capability net_bind_service,
+  capability dac_read_search,
+  capability dac_override,
+  capability chown,
+
+  /bin/** ix,
+  /usr/bin/** ix,
+  /bin/udevadm Ux,
+  /sbin/udevd Ux,
+  /usr/local/bin/python* ix,
+  /usr/bin/git cx,
+  /usr/bin/gdbus cx,
+  /usr/lib/bashio/** ix,
+  /etc/s6/** ix,
+  /run/{s6,s6-rc*,service}/** ix,
+  /package/** ix,
+  /command/** ix,
+  /etc/services.d/** rwix,
+  /etc/cont-init.d/** rwix,
+  /etc/cont-finish.d/** rwix,
+
+  deny /proc/** wl,
+  deny /sys/** wl,
+
+  / r,
+  /** r,
+  /tmp/** rwk,
+  /data/** rw,
+  /run/{,**} rwk,
+  /dev/tty rw,
+  /root/.cas/{,**} rwk,
+  /etc/resolv.conf rw,
+  /run/docker.sock rw,
+
+  /usr/local/lib/** mr,
+
+  profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+    #include <abstractions/dbus>
+
+    signal (receive) set=(int),
+    unix (send, receive) type=stream,
+
+    capability sys_nice,
+
+    /** r,
+    /lib/* mr,
+    /usr/bin/gdbus mr,
+    /usr/local/lib/** mr,
+
+    /run/dbus/system_bus_socket rw,
+  }
+
+  profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+
+    network,
+    deny network raw,
+
+    signal (receive) set=(term),
+
+    /bin/busybox ix,
+    /usr/bin/git mrix,
+    /usr/libexec/git-core/* ix,
+
+    deny /data/homeassistant rw,
+    deny /data/ssl rw,
+
+    /** r,
+    /lib/* mr,
+    /data/addons/** lrw,
+    /usr/local/lib/** mr,
+
+    capability dac_override,
+  }
+}
diff --git a/apparmor_beta.txt b/apparmor_beta.txt
@@ -0,0 +1,92 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/python>
+
+  network unix stream,
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+
+  signal (send) set=(kill,term,int,hup,cont),
+
+  capability net_admin,
+  capability net_bind_service,
+  capability dac_read_search,
+  capability dac_override,
+  capability chown,
+
+  /bin/** ix,
+  /usr/bin/** ix,
+  /bin/udevadm Ux,
+  /sbin/udevd Ux,
+  /usr/local/bin/python* ix,
+  /usr/bin/git cx,
+  /usr/bin/gdbus cx,
+  /usr/lib/bashio/** ix,
+  /etc/s6/** ix,
+  /run/{s6,s6-rc*,service}/** ix,
+  /package/** ix,
+  /command/** ix,
+  /etc/services.d/** rwix,
+  /etc/cont-init.d/** rwix,
+  /etc/cont-finish.d/** rwix,
+
+  deny /proc/** wl,
+  deny /sys/** wl,
+
+  / r,
+  /** r,
+  /tmp/** rwk,
+  /data/** rw,
+  /run/{,**} rwk,
+  /dev/tty rw,
+  /root/.cas/{,**} rwk,
+  /etc/resolv.conf rw,
+  /run/docker.sock rw,
+
+  /usr/local/lib/** mr,
+
+  profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+    #include <abstractions/dbus>
+
+    signal (receive) set=(int),
+    unix (send, receive) type=stream,
+
+    capability sys_nice,
+
+    /** r,
+    /lib/* mr,
+    /usr/bin/gdbus mr,
+    /usr/local/lib/** mr,
+
+    /run/dbus/system_bus_socket rw,
+  }
+
+  profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+
+    network,
+    deny network raw,
+
+    signal (receive) set=(term),
+
+    /bin/busybox ix,
+    /usr/bin/git mrix,
+    /usr/libexec/git-core/* ix,
+
+    deny /data/homeassistant rw,
+    deny /data/ssl rw,
+
+    /** r,
+    /lib/* mr,
+    /data/addons/** lrw,
+    /usr/local/lib/** mr,
+
+    capability dac_override,
+  }
+}
diff --git a/apparmor_dev.txt b/apparmor_dev.txt
@@ -0,0 +1,92 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/python>
+
+  network unix stream,
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+
+  signal (send) set=(kill,term,int,hup,cont),
+
+  capability net_admin,
+  capability net_bind_service,
+  capability dac_read_search,
+  capability dac_override,
+  capability chown,
+
+  /bin/** ix,
+  /usr/bin/** ix,
+  /bin/udevadm Ux,
+  /sbin/udevd Ux,
+  /usr/local/bin/python* ix,
+  /usr/bin/git cx,
+  /usr/bin/gdbus cx,
+  /usr/lib/bashio/** ix,
+  /etc/s6/** ix,
+  /run/{s6,s6-rc*,service}/** ix,
+  /package/** ix,
+  /command/** ix,
+  /etc/services.d/** rwix,
+  /etc/cont-init.d/** rwix,
+  /etc/cont-finish.d/** rwix,
+
+  deny /proc/** wl,
+  deny /sys/** wl,
+
+  / r,
+  /** r,
+  /tmp/** rwk,
+  /data/** rw,
+  /run/{,**} rwk,
+  /dev/tty rw,
+  /root/.cas/{,**} rwk,
+  /etc/resolv.conf rw,
+  /run/docker.sock rw,
+
+  /usr/local/lib/** mr,
+
+  profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+    #include <abstractions/dbus>
+
+    signal (receive) set=(int),
+    unix (send, receive) type=stream,
+
+    capability sys_nice,
+
+    /** r,
+    /lib/* mr,
+    /usr/bin/gdbus mr,
+    /usr/local/lib/** mr,
+
+    /run/dbus/system_bus_socket rw,
+  }
+
+  profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+
+    network,
+    deny network raw,
+
+    signal (receive) set=(term),
+
+    /bin/busybox ix,
+    /usr/bin/git mrix,
+    /usr/libexec/git-core/* ix,
+
+    deny /data/homeassistant rw,
+    deny /data/ssl rw,
+
+    /** r,
+    /lib/* mr,
+    /data/addons/** lrw,
+    /usr/local/lib/** mr,
+
+    capability dac_override,
+  }
+}
diff --git a/apparmor_stable.txt b/apparmor_stable.txt
@@ -0,0 +1,92 @@
+#include <tunables/global>
+
+profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/python>
+
+  network unix stream,
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+  network netlink raw,
+
+  signal (send) set=(kill,term,int,hup,cont),
+
+  capability net_admin,
+  capability net_bind_service,
+  capability dac_read_search,
+  capability dac_override,
+  capability chown,
+
+  /bin/** ix,
+  /usr/bin/** ix,
+  /bin/udevadm Ux,
+  /sbin/udevd Ux,
+  /usr/local/bin/python* ix,
+  /usr/bin/git cx,
+  /usr/bin/gdbus cx,
+  /usr/lib/bashio/** ix,
+  /etc/s6/** ix,
+  /run/{s6,s6-rc*,service}/** ix,
+  /package/** ix,
+  /command/** ix,
+  /etc/services.d/** rwix,
+  /etc/cont-init.d/** rwix,
+  /etc/cont-finish.d/** rwix,
+
+  deny /proc/** wl,
+  deny /sys/** wl,
+
+  / r,
+  /** r,
+  /tmp/** rwk,
+  /data/** rw,
+  /run/{,**} rwk,
+  /dev/tty rw,
+  /root/.cas/{,**} rwk,
+  /etc/resolv.conf rw,
+  /run/docker.sock rw,
+
+  /usr/local/lib/** mr,
+
+  profile /usr/bin/gdbus flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+    #include <abstractions/dbus>
+
+    signal (receive) set=(int),
+    unix (send, receive) type=stream,
+
+    capability sys_nice,
+
+    /** r,
+    /lib/* mr,
+    /usr/bin/gdbus mr,
+    /usr/local/lib/** mr,
+
+    /run/dbus/system_bus_socket rw,
+  }
+
+  profile /usr/bin/git flags=(attach_disconnected,mediate_deleted) {
+    #include <abstractions/base>
+
+    network,
+    deny network raw,
+
+    signal (receive) set=(term),
+
+    /bin/busybox ix,
+    /usr/bin/git mrix,
+    /usr/libexec/git-core/* ix,
+
+    deny /data/homeassistant rw,
+    deny /data/ssl rw,
+
+    /** r,
+    /lib/* mr,
+    /data/addons/** lrw,
+    /usr/local/lib/** mr,
+
+    capability dac_override,
+  }
+}
diff --git a/online.txt b/online.txt
@@ -0,0 +1 @@
+NetworkManager is online
diff --git a/update-supervisor.txt b/update-supervisor.txt
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+version=$(curl -s https://ameridroid.github.io/HA-version/stable.json | jq -r '.supervisor // "latest"' || echo "latest")
+arch=$(docker image ls | grep -- '-hassio-observer'  | awk '{print $1}' | awk -F/ '{print $3}' | awk -F- '{print $1}')
+
+docker pull "ghcr.io/ameridroid/${arch}-hassio-supervisor:${version}"
+docker tag "ghcr.io/ameridroid/${arch}-hassio-supervisor:${version}" "ghcr.io/ameridroid/${arch}-hassio-supervisor:latest"
+
+# hassos-supervisor script will recreate the container automatically.
+docker stop hassio_supervisor
