✨ Adds support for SYS_PTRACE add-on privileges (#697)

2025-07-21 08:06:30 +00:00 · 2018-09-15 22:05:50 +02:00 · 2018-09-15 22:05:50 +02:00 · 3d459f1b8b
commit 3d459f1b8b
parent 5f3dd6190a
3 changed files with 5 additions and 3 deletions
--- a/hassio/addons/utils.py
+++ b/hassio/addons/utils.py
@ -6,7 +6,7 @@ import re

 from ..const import (
    SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
-    PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO)
+    PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE)

 RE_SHA1 = re.compile(r"[a-f0-9]{8}")

@ -33,7 +33,7 @@ def rating_security(addon):

    # Privileged options
    if addon.privileged in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN,
-                            PRIVILEGED_SYS_RAWIO):
+                            PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE):
        rating += -1

    # Not secure Networking
--- a/hassio/addons/validate.py
+++ b/hassio/addons/validate.py
@ -22,7 +22,7 @@ from ..const import (
    ATTR_FULL_ACCESS, ATTR_ACCESS_TOKEN,
    PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
    PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
-    PRIVILEGED_SYS_RESOURCE)
+    PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE)
 from ..validate import NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE

 _LOGGER = logging.getLogger(__name__)
@ -69,6 +69,7 @@ PRIVILEGED_ALL = [
    PRIVILEGED_SYS_TIME,
    PRIVILEGED_SYS_NICE,
    PRIVILEGED_SYS_RESOURCE,
+    PRIVILEGED_SYS_PTRACE,
 ]

 BASE_IMAGE = {
--- a/hassio/const.py
+++ b/hassio/const.py
@ -238,6 +238,7 @@ PRIVILEGED_IPC_LOCK = 'IPC_LOCK'
 PRIVILEGED_SYS_TIME = 'SYS_TIME'
 PRIVILEGED_SYS_NICE = 'SYS_NICE'
 PRIVILEGED_SYS_RESOURCE = 'SYS_RESOURCE'
+PRIVILEGED_SYS_PTRACE = 'SYS_PTRACE'

 FEATURES_SHUTDOWN = 'shutdown'
 FEATURES_REBOOT = 'reboot'