mirror of
https://github.com/home-assistant/supervisor.git
Disable secomp global (#2711)
parent
16095c319a
commit
e478e68b70
@ -189,7 +189,7 @@ class DockerAddon(DockerInterface):
|
||||
@property
|
||||
def security_opt(self) -> List[str]:
|
||||
"""Control security options."""
|
||||
security = []
|
||||
security = super().security_opt
|
||||
|
||||
# AppArmor
|
||||
apparmor = self.sys_host.apparmor.available
|
||||
@ -198,10 +198,6 @@ class DockerAddon(DockerInterface):
|
||||
elif self.addon.apparmor == SECURITY_PROFILE:
|
||||
security.append(f"apparmor={self.addon.slug}")
|
||||
|
||||
# Disable Seccomp / We don't support it official and it
|
||||
# causes problems on some types of host systems.
|
||||
security.append("seccomp=unconfined")
|
||||
|
||||
return security
|
||||
|
||||
@property
|
||||
|
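Review bot: `security = super().security_opt` in the first hunk binds the list returned by the base property, and the AppArmor branch in the second hunk then appends to it, so this override is only correct while `DockerInterface.security_opt` builds a new list on every access. Copying at the call site removes that hidden contract: `security = list(super().security_opt)`. The lines of `security_opt` between the two hunks are not visible here, so any other mutation of `security` there would be affected the same way.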
@ -90,6 +90,7 @@ class DockerAudio(DockerInterface, CoreSysAttributes):
|
||||
hostname=self.name.replace("_", "-"),
|
||||
detach=True,
|
||||
cap_add=self.capabilities,
|
||||
security_opt=self.security_opt,
|
||||
ulimits=self.ulimits,
|
||||
cpu_rt_runtime=self.cpu_rt_runtime,
|
||||
device_cgroup_rules=self.cgroups_rules,
|
||||
|
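Review bot: The added `security_opt=self.security_opt` turns off syscall filtering for the audio container, which in this same call also receives `cap_add=self.capabilities`; no `security_opt` argument appears in the surrounding context lines, so before this change the container presumably ran under Docker's default seccomp profile. The same line is added to the run calls in DockerCli, DockerDNS, DockerMulticast (which uses `network_mode="host"`) and DockerObserver, and none of these hunks shows an AppArmor option to compensate. If only some hosts or containers hit the problem, a per-plugin override would keep the filter elsewhere, for example a subclass `security_opt` property that does `return []`; otherwise a comment at each call site such as `# seccomp=unconfined via DockerInterface.security_opt` would make the trade-off visible. Each run call starts and ends outside its hunk.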
@ -45,6 +45,7 @@ class DockerCli(DockerInterface, CoreSysAttributes):
|
||||
name=self.name,
|
||||
hostname=self.name.replace("_", "-"),
|
||||
detach=True,
|
||||
security_opt=self.security_opt,
|
||||
extra_hosts={
|
||||
"supervisor": self.sys_docker.network.supervisor,
|
||||
"observer": self.sys_docker.network.observer,
|
||||
|
@ -44,6 +44,7 @@ class DockerDNS(DockerInterface, CoreSysAttributes):
|
||||
name=self.name,
|
||||
hostname=self.name.replace("_", "-"),
|
||||
detach=True,
|
||||
security_opt=self.security_opt,
|
||||
environment={ENV_TIME: self.sys_config.timezone},
|
||||
volumes={
|
||||
str(self.sys_config.path_extern_dns): {"bind": "/config", "mode": "rw"}
|
||||
|
@ -130,6 +130,7 @@ class DockerHomeAssistant(DockerInterface):
|
||||
detach=True,
|
||||
privileged=True,
|
||||
init=False,
|
||||
security_opt=self.security_opt,
|
||||
network_mode="host",
|
||||
volumes=self.volumes,
|
||||
device_cgroup_rules=self.cgroups_rules,
|
||||
|
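Review bot: `security_opt=self.security_opt` sits two lines below `privileged=True`, and as far as I know Docker does not apply its default seccomp profile to privileged containers, so the new argument most likely changes nothing for this container. A short comment would stop a later reader from treating it as the control that matters here, e.g. `# privileged=True already runs without seccomp; passed for consistency with the other containers`. The run call starts and ends outside the hunk.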
@ -93,6 +93,13 @@ class DockerInterface(CoreSysAttributes):
|
||||
"""Return True if a task is in progress."""
|
||||
return self.lock.locked()
|
||||
|
||||
@property
|
||||
def security_opt(self) -> List[str]:
|
||||
"""Control security options."""
|
||||
# Disable Seccomp / We don't support it official and it
|
||||
# causes problems on some types of host systems.
|
||||
return ["seccomp=unconfined"]
|
||||
|
||||
def _get_credentials(self, image: str) -> dict:
|
||||
"""Return a dictionay with credentials for docker login."""
|
||||
registry = None
|
||||
|
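Review bot: The new `security_opt` property makes `seccomp=unconfined` the default for every container built on DockerInterface, but its comment does not say which host systems or which failures motivated that, so nobody can tell later when it is safe to re-enable the filter. I would record the reason and the consequence in the docstring, e.g. `"""Return Docker security options shared by all Supervisor-managed containers."""`, followed by a comment that names the affected hosts or the tracking issue and states that AppArmor and the capability set are the remaining confinement once seccomp is off. A unit test asserting the returned value would also make a later change to this default show up in review.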
@ -43,6 +43,7 @@ class DockerMulticast(DockerInterface, CoreSysAttributes):
|
||||
hostname=self.name.replace("_", "-"),
|
||||
network_mode="host",
|
||||
detach=True,
|
||||
security_opt=self.security_opt,
|
||||
extra_hosts={"supervisor": self.sys_docker.network.supervisor},
|
||||
environment={ENV_TIME: self.sys_config.timezone},
|
||||
)
|
||||
|
@ -44,6 +44,7 @@ class DockerObserver(DockerInterface, CoreSysAttributes):
|
||||
name=self.name,
|
||||
hostname=self.name.replace("_", "-"),
|
||||
detach=True,
|
||||
security_opt=self.security_opt,
|
||||
restart_policy={"Name": "always"},
|
||||
extra_hosts={"supervisor": self.sys_docker.network.supervisor},
|
||||
environment={
|
||||
|