From b944251a3e7f139a44769eb442383ba3ff019914 Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Wed, 2 May 2018 23:55:45 +0200 Subject: [PATCH] Update hassio-supervisor --- buildroot-external/apparmor/hassio-supervisor | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/buildroot-external/apparmor/hassio-supervisor b/buildroot-external/apparmor/hassio-supervisor index 9602b922d..d0e66c116 100644 --- a/buildroot-external/apparmor/hassio-supervisor +++ b/buildroot-external/apparmor/hassio-supervisor @@ -5,14 +5,12 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include - network inet tcp, - + network, deny network raw, - deny network packet, /bin/busybox ix, /usr/bin/python{,3,3.[0-9]} ix, - /usr/bin/git ix, + /usr/bin/git cx, /usr/bin/socat cx, /usr/bin/gdbus cx, @@ -47,8 +45,17 @@ profile hassio-supervisor flags=(attach_disconnected,mediate_deleted) { #include #include - deny network inet, - + /usr/bin/gdbus mr, /var/run/dbus/system_bus_socket rw, } + + profile /usr/bin/git { + #include + + network, + deny network raw, + + /usr/libexec/git-core/* ix, + /data/addons/** rw, + } }