Fix's & cleanup

Pascal Vizeli 2018-04-08 22:27:58 +02:00
parent fddd5b8860
commit ee4b28a490
4 changed files with 10 additions and 15 deletions

4
API.md

@ -427,8 +427,8 @@ Get all available addons.
"host_ipc": "bool", "host_ipc": "bool",
"host_dbus": "bool", "host_dbus": "bool",
"privileged": ["NET_ADMIN", "SYS_ADMIN"], "privileged": ["NET_ADMIN", "SYS_ADMIN"],
"seccomp": "disable|default|custom", "seccomp": "disable|default|profile",
"apparmor": "disable|default|custom", "apparmor": "disable|default|profile",
"devices": ["/dev/xy"], "devices": ["/dev/xy"],
"auto_uart": "bool", "auto_uart": "bool",
"icon": "bool", "icon": "bool",


@ -24,7 +24,7 @@ from ..const import (
ATTR_HASSIO_API, ATTR_AUDIO, ATTR_AUDIO_OUTPUT, ATTR_AUDIO_INPUT, ATTR_HASSIO_API, ATTR_AUDIO, ATTR_AUDIO_OUTPUT, ATTR_AUDIO_INPUT,
ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, ATTR_LEGACY, ATTR_HOST_IPC, ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, ATTR_LEGACY, ATTR_HOST_IPC,
ATTR_HOST_DBUS, ATTR_AUTO_UART, ATTR_DISCOVERY, ATTR_SERVICES, ATTR_HOST_DBUS, ATTR_AUTO_UART, ATTR_DISCOVERY, ATTR_SERVICES,
ATTR_SECCOMP, ATTR_APPARMOR, SECURITY_CUSTOM, SECURITY_DISABLE, ATTR_SECCOMP, ATTR_APPARMOR, SECURITY_PROFILE, SECURITY_DISABLE,
SECURITY_DEFAULT) SECURITY_DEFAULT)
from ..coresys import CoreSysAttributes from ..coresys import CoreSysAttributes
from ..docker.addon import DockerAddon from ..docker.addon import DockerAddon
@ -324,23 +324,18 @@ class Addon(CoreSysAttributes):
if not self._mesh.get(ATTR_SECCOMP): if not self._mesh.get(ATTR_SECCOMP):
return SECURITY_DISABLE return SECURITY_DISABLE
elif self.path_seccomp.exists(): elif self.path_seccomp.exists():
return SECURITY_CUSTOM return SECURITY_PROFILE
return SECURITY_DEFAULT return SECURITY_DEFAULT
@property @property
def apparmor(self): def apparmor(self):
"""Return True if seccomp is enabled.""" """Return True if seccomp is enabled."""
if not self._mesh.get(ATTR_SECCOMP): if not self._mesh.get(ATTR_APPARMOR):
return SECURITY_DISABLE return SECURITY_DISABLE
elif self.path_apparmor.exists(): elif self.path_apparmor.exists():
return SECURITY_CUSTOM return SECURITY_PROFILE
return SECURITY_DEFAULT return SECURITY_DEFAULT
@property
def seccomp_profile(self):
"""Return True if it not use the default profile."""
return Path(self.path_location, f"{ATTR_SECCOMP}.json").exists()
@property @property
def legacy(self): def legacy(self):
"""Return if the add-on don't support hass labels.""" """Return if the add-on don't support hass labels."""
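Review bot: The `apparmor` property keeps the docstring copied from `seccomp`, `"""Return True if seccomp is enabled."""`, which names the wrong mechanism now that the lookup reads `ATTR_APPARMOR` and also misstates the return value, since the property returns one of the `SECURITY_*` strings rather than a bool. I would replace it with `"""Return the AppArmor mode: disable, default or profile."""`. Separately, both properties return `SECURITY_DISABLE` whenever `self._mesh.get(...)` is falsy, so an add-on config that lacks the key would fall through to the unconfined setting unless the schema fills in a true default; the schema is not visible on this page, so that is worth confirming. The `Addon` class starts and ends outside these hunks.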


@ -205,6 +205,6 @@ SNAPSHOT_PARTIAL = 'partial'
CRYPTO_AES128 = 'aes128' CRYPTO_AES128 = 'aes128'
SECURITY_CUSTOM = 'custom' SECURITY_PROFILE = 'profile'
SECURITY_DEFAULT = 'default' SECURITY_DEFAULT = 'default'
SECURITY_DISABLE = 'disable' SECURITY_DISABLE = 'disable'


@ -9,7 +9,7 @@ from .interface import DockerInterface
from ..addons.build import AddonBuild from ..addons.build import AddonBuild
from ..const import ( from ..const import (
MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP, MAP_SHARE, ENV_TOKEN, MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP, MAP_SHARE, ENV_TOKEN,
ENV_TIME, SECURITY_CUSTOM, SECURITY_DISABLE) ENV_TIME, SECURITY_PROFILE, SECURITY_DISABLE)
from ..utils import process_lock from ..utils import process_lock
_LOGGER = logging.getLogger(__name__) _LOGGER = logging.getLogger(__name__)
@ -126,13 +126,13 @@ class DockerAddon(DockerInterface):
# AppArmor # AppArmor
if self.addon.apparmor == SECURITY_DISABLE: if self.addon.apparmor == SECURITY_DISABLE:
security.append("apparmor:unconfined") security.append("apparmor:unconfined")
elif self.addon.apparmor == SECURITY_CUSTOM: elif self.addon.apparmor == SECURITY_PROFILE:
security.append(f"apparmor={self.addon.slug}") security.append(f"apparmor={self.addon.slug}")
# Seccomp # Seccomp
if self.addon.seccomp == SECURITY_DISABLE: if self.addon.seccomp == SECURITY_DISABLE:
security.append("seccomp=unconfined") security.append("seccomp=unconfined")
elif self.addon.seccomp == SECURITY_CUSTOM: elif self.addon.seccomp == SECURITY_PROFILE:
security.append(f"seccomp={self.addon.path_seccomp}") security.append(f"seccomp={self.addon.path_seccomp}")
return security or None return security or None