📦 chore(devcontainer.json): add devcontainer configuration file for development environment setup
📦 chore(setup.sh): add setup script to install pre-commit and configure it 📄 docs(README.md): update repository name and add description of custom Home Assistant addons 📄 docs(kresus/DOCS.md): add documentation for Kresus addon 🐳 feat(kresus): add Dockerfile and build.yaml for Kresus addon 🔧 chore(kresus): add configuration files for Kresus addon 🔧 chore(kresus): add apparmor profile for Kresus addon 🔧 chore(kresus): add changelog and docs for Kresus addon 🔧 chore(kresus): add icon and logo for Kresus addon 🔧 chore(kresus): add license file for Kresus addon 🔧 chore(kresus): add README and requirements file for Kresus addon 🔧 chore(kresus): add service scripts for Kresus addon 🔧 chore(kresus): add translations for Kresus addon 🔧 chore(repository.yaml): add repository information for MrRaph_'s custom Home Assistant addons
This commit is contained in:
MrRaph_
72
kresus/apparmor.txt
Normal file
72
kresus/apparmor.txt
Normal file
@@ -0,0 +1,72 @@
|
||||
include <tunables/global>
|
||||
|
||||
profile kresus flags=(attach_disconnected,mediate_deleted) {
|
||||
#include <abstractions/base>
|
||||
|
||||
# Capabilities
|
||||
file,
|
||||
signal (send) set=(kill,term,int,hup,cont),
|
||||
capability chown,
|
||||
capability fowner,
|
||||
capability kill,
|
||||
|
||||
# S6-Overlay
|
||||
/init ix,
|
||||
/bin/** ix,
|
||||
/usr/bin/** ix,
|
||||
/run/{s6,s6-rc*,service}/** ix,
|
||||
/package/** ix,
|
||||
/command/** ix,
|
||||
/etc/services.d/** rwix,
|
||||
/etc/cont-init.d/** rwix,
|
||||
/etc/cont-finish.d/** rwix,
|
||||
/run/{,**} rwk,
|
||||
/dev/tty rw,
|
||||
|
||||
# Access to options.json and other files within your addon
|
||||
/data/options.json r,
|
||||
/data/kresus/{,**} rw,
|
||||
|
||||
/package/admin/s6-2.11.2.0/command/s6-applyuidgid cx -> s6setuidgid,
|
||||
profile s6setuidgid flags=(attach_disconnected,mediate_deleted) {
|
||||
#include <abstractions/base>
|
||||
capability setuid,
|
||||
capability setgid,
|
||||
|
||||
signal (receive) set=("cont","kill","term"),
|
||||
|
||||
# Generic accesses
|
||||
/package/admin/s6-2.11.2.0/command/s6-applyuidgid rm,
|
||||
|
||||
/bin/{bash,busybox} ix,
|
||||
/dev/{null,tty} rw,
|
||||
/etc/{group,hosts,os-release,passwd,resolv.conf,ssl/**} r,
|
||||
/package/admin/** rmix,
|
||||
/run/s6/container_environment** r,
|
||||
/tmp/.bashio/{,**} rw,
|
||||
/usr/bin/{curl,jq,ssl_client} rix,
|
||||
/usr/lib/bashio/bashio ix,
|
||||
/lib/** rmix,
|
||||
/tmp/pip-install-** rw,
|
||||
|
||||
# Kresus specific accesses
|
||||
/data/kresus_salt r,
|
||||
/data/kresus/{,**} rw,
|
||||
/etc/kresus/config.ini r,
|
||||
/woob/ r,
|
||||
/woob/** lrw,
|
||||
/woob/.py-deps/** lrwix,
|
||||
|
||||
/usr/bin/{,**} r,
|
||||
/usr/bin/git ix,
|
||||
/usr/bin/gpgv ix,
|
||||
/usr/bin/node ix,
|
||||
/usr/bin/python3.11 ix,
|
||||
/usr/bin/pip3 rix,
|
||||
/usr/libexec/git-core/** ix,
|
||||
/usr/libexec/kresus/** rix,
|
||||
/usr/local/lib/node_modules/** rm,
|
||||
/usr/local/lib/node_modules/kresus/bin/kresus.js rix,
|
||||
/usr/share/** r,
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user