From 6be542479ed3d18e2163c0cfd10a9bbd24762b2a Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Tue, 16 Feb 2021 15:51:34 +0100 Subject: [PATCH] Fix Apparmor profile for what we need (#810) * Fix Apparmor profile for what we need * fix bashio --- docs/add-ons/presentation.md | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/docs/add-ons/presentation.md b/docs/add-ons/presentation.md index fa6e8b32..68f509ba 100644 --- a/docs/add-ons/presentation.md +++ b/docs/add-ons/presentation.md @@ -62,29 +62,34 @@ profile ADDON_SLUG flags=(attach_disconnected,mediate_deleted) { # Capabilities file, + signal # S6-Overlay /bin/** ix, /usr/bin/** ix, - /usr/lib/bashio/** ix, /etc/s6/** ix, - /run/s6/** ix, + /run/s6/** rwix, /etc/services.d/** rwix, /etc/cont-init.d/** rwix, /etc/cont-finish.d/** rwix, - /var/run/** rw, + /run/** rwk, - # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container - ptrace (trace,read) peer=docker-default, + # Bashio + /usr/lib/bashio/** ix, + /tmp/** rw, - # docker daemon confinement requires explict allow rule for signal - signal (receive) set=(kill,term) peer=/usr/bin/docker, - - # Access to hardware devices - # /dev/ttyUSB0 rw, - # Access to Options.json and other files within your addon /data/** rw, + + # Start new profile for service + /usr/bin/myprogram cx, + + profile usr/bin/myprogram flags=(attach_disconnected,mediate_deleted) { + #include + + # Receive signals from S6-Overlay + signal receive, + } } ```
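Review bot: The added `signal` rule under `# Capabilities` has no trailing comma, unlike every other rule in the listing, so a profile copied from this page would likely fail to load; it should read `signal,`. The nested profile is declared as `profile usr/bin/myprogram` while the transition rule is `/usr/bin/myprogram cx,`, and a `cx` transition looks up a child profile by the executable's path, so the header should presumably be `profile /usr/bin/myprogram flags=(attach_disconnected,mediate_deleted) {`. On scope, an unqualified `signal,` in the outer profile allows sending and receiving any signal with any peer, which is broader than the removed `signal (receive) set=(kill,term) peer=/usr/bin/docker,`. `/run/** rwk,` and `/tmp/** rw,` likewise widen write access for everything that runs under the outer profile. Since add-on authors will copy this template, a short comment in the listing saying which rules are required by S6-Overlay and which should be narrowed per add-on would help; the outer profile's header and `#include` lines sit above this hunk, so this is judged from the visible rules only.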