jeans/supervisor
jeans/supervisor
1
0
Fork 0
mirror of https://github.com/home-assistant/supervisor.git synced 2025-07-24 09:36:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for CAP_BPF and CAP_PERFMON privileges (#4259)

Browse Source 
Co-authored-by: Stefan Agner <stefan@agner.ch>
This commit is contained in:
Felipe Santos 2023-05-21 10:19:05 -03:00 committed by GitHub
parent b5233cd398
commit 88d25fc14e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
supervisor/addons/utils.py
View File

@ -44,13 +44,15 @@ def rating_security(addon: AddonModel) -> int:
any(
privilege in addon.privileged
for privilege in (
Capabilities.BPF,
Capabilities.DAC_READ_SEARCH,
Capabilities.NET_ADMIN,
Capabilities.NET_RAW,
Capabilities.PERFMON,
Capabilities.SYS_ADMIN,
Capabilities.SYS_RAWIO,
Capabilities.SYS_PTRACE,
Capabilities.SYS_MODULE,
Capabilities.DAC_READ_SEARCH,
Capabilities.SYS_PTRACE,
Capabilities.SYS_RAWIO,
)
)
or addon.with_kernel_modules

2
supervisor/docker/const.py
View File

@ -5,10 +5,12 @@ from enum import Enum
class Capabilities(str, Enum):
"""Linux Capabilities."""
BPF = "BPF"
DAC_READ_SEARCH = "DAC_READ_SEARCH"
IPC_LOCK = "IPC_LOCK"
NET_ADMIN = "NET_ADMIN"
NET_RAW = "NET_RAW"
PERFMON = "PERFMON"
SYS_ADMIN = "SYS_ADMIN"
SYS_MODULE = "SYS_MODULE"
SYS_NICE = "SYS_NICE"