Adds support for SYS_PTRACE add-on privileges (#697)

Franck Nijhof 2018-09-15 22:05:50 +02:00 committed by Pascal Vizeli
parent 5f3dd6190a
commit 3d459f1b8b
3 changed files with 5 additions and 3 deletions


@ -6,7 +6,7 @@ import re
from ..const import (
SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO)
PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE)
RE_SHA1 = re.compile(r"[a-f0-9]{8}")
@ -33,7 +33,7 @@ def rating_security(addon):
# Privileged options
if addon.privileged in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN,
PRIVILEGED_SYS_RAWIO):
PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE):
rating += -1
# Not secure Networking
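Review bot: The condition `addon.privileged in (PRIVILEGED_NET_ADMIN, ...)` in `rating_security` compares the whole `privileged` value against each constant, so it may never match. If `addon.privileged` is a list of requested capabilities (the `PRIVILEGED_ALL` list in the validation module suggests this, but the property itself is not visible here), an add-on requesting SYS_PTRACE would keep its full rating. A per-capability check would be `if any(cap in addon.privileged for cap in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE)):`. A test with an add-on that requests only SYS_PTRACE would confirm the deduction is applied. The body of `rating_security` starts and ends outside this hunk.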


@ -22,7 +22,7 @@ from ..const import (
ATTR_FULL_ACCESS, ATTR_ACCESS_TOKEN,
PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
PRIVILEGED_SYS_RESOURCE)
PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE)
from ..validate import NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE
_LOGGER = logging.getLogger(__name__)
@ -69,6 +69,7 @@ PRIVILEGED_ALL = [
PRIVILEGED_SYS_TIME,
PRIVILEGED_SYS_NICE,
PRIVILEGED_SYS_RESOURCE,
PRIVILEGED_SYS_PTRACE,
]
BASE_IMAGE = {
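Review bot: The new `PRIVILEGED_SYS_PTRACE` entry in `PRIVILEGED_ALL` has no comment tying it to the security rating, and the two lists are maintained separately. `PRIVILEGED_ALL` is what an add-on may request, while the tuple in `rating_security` decides which requests lower the rating. A short comment on the list would make that dependency visible, for example `# Capabilities an add-on may request; high-risk ones must also be listed in rating_security()`. On the new entry, `# allows tracing other processes visible to the container` would help whoever reviews add-on configs. The list starts outside this hunk, so the best place for the first comment is presumably its opening line.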


@ -238,6 +238,7 @@ PRIVILEGED_IPC_LOCK = 'IPC_LOCK'
PRIVILEGED_SYS_TIME = 'SYS_TIME'
PRIVILEGED_SYS_NICE = 'SYS_NICE'
PRIVILEGED_SYS_RESOURCE = 'SYS_RESOURCE'
PRIVILEGED_SYS_PTRACE = 'SYS_PTRACE'
FEATURES_SHUTDOWN = 'shutdown'
FEATURES_REBOOT = 'reboot'