From 3d459f1b8bb1528ee440864361c4bab11cea304d Mon Sep 17 00:00:00 2001
From: Franck Nijhof
Date: Sat, 15 Sep 2018 22:05:50 +0200
Subject: [PATCH] :sparkles: Adds support for SYS_PTRACE add-on privileges (#697)
---
 hassio/addons/utils.py | 4 ++--
 hassio/addons/validate.py | 3 ++-
 hassio/const.py | 1 +
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/hassio/addons/utils.py b/hassio/addons/utils.py
index 83f05ad2e..b9f1a9437 100644
--- a/hassio/addons/utils.py
+++ b/hassio/addons/utils.py
@@ -6,7 +6,7 @@ import re
 from ..const import (
 SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
- PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO)
+ PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE)
 RE_SHA1 = re.compile(r"[a-f0-9]{8}")
@@ -33,7 +33,7 @@ def rating_security(addon):
 # Privileged options
 if addon.privileged in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN,
- PRIVILEGED_SYS_RAWIO):
+ PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE):
 rating += -1
 # Not secure Networking
diff --git a/hassio/addons/validate.py b/hassio/addons/validate.py
index 275465a60..4ff3d8cfa 100644
--- a/hassio/addons/validate.py
+++ b/hassio/addons/validate.py
@@ -22,7 +22,7 @@ from ..const import (
 ATTR_FULL_ACCESS, ATTR_ACCESS_TOKEN, PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
- PRIVILEGED_SYS_RESOURCE)
+ PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE)
 from ..validate import NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE
 _LOGGER = logging.getLogger(__name__)
@@ -69,6 +69,7 @@ PRIVILEGED_ALL = [
 PRIVILEGED_SYS_TIME,
 PRIVILEGED_SYS_NICE,
 PRIVILEGED_SYS_RESOURCE,
+ PRIVILEGED_SYS_PTRACE,
 ]
 BASE_IMAGE = {
diff --git a/hassio/const.py b/hassio/const.py
index 5bea28a92..da4e15542 100644
--- a/hassio/const.py
+++ b/hassio/const.py
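Review bot: In hassio/addons/utils.py, the `rating_security` hunk extends a test of the form `addon.privileged in (...)`, which is true only when `addon.privileged` is itself one of those strings. If `addon.privileged` is a list of capability names, as the `PRIVILEGED_ALL` list in validate.py suggests, the condition never matches and an add-on requesting SYS_PTRACE keeps its full security rating. Consider `if any(cap in (addon.privileged or []) for cap in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE)):`. The body of `rating_security` starts and ends outside the hunk, so the actual type of `addon.privileged` should be confirmed against the add-on model before changing it.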
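Review bot: In hassio/addons/validate.py, the new `PRIVILEGED_SYS_PTRACE` entry in `PRIVILEGED_ALL` carries no comment on what the capability grants or how it is compensated. SYS_PTRACE lets a process trace and read the memory of other processes it can see, so its reach depends on which PID namespace the add-on runs in (not visible in this hunk). A comment such as `# SYS_PTRACE: can trace/inspect other visible processes; must also be listed in rating_security()` would record that. It would also make explicit that this allow-list and the rating tuple in utils.py are maintained separately and can drift apart. `PRIVILEGED_ALL` begins outside the hunk.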
@@ -238,6 +238,7 @@ PRIVILEGED_IPC_LOCK = 'IPC_LOCK'
 PRIVILEGED_SYS_TIME = 'SYS_TIME'
 PRIVILEGED_SYS_NICE = 'SYS_NICE'
 PRIVILEGED_SYS_RESOURCE = 'SYS_RESOURCE'
+PRIVILEGED_SYS_PTRACE = 'SYS_PTRACE'
 FEATURES_SHUTDOWN = 'shutdown'
 FEATURES_REBOOT = 'reboot'