mirror of https://github.com/home-assistant/supervisor.git synced 2025-12-24 12:29:08 +00:00

Add support for Seccomp/AppArmor profiles

Pascal Vizeli
2018-04-07 00:24:23 +02:00
parent 4eb24fcbc5
commit 72279072ac
6 changed files with 66 additions and 11 deletions


@@ -9,7 +9,7 @@ from .interface import DockerInterface
from ..addons.build import AddonBuild
from ..const import (
MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP, MAP_SHARE, ENV_TOKEN,
ENV_TIME)
ENV_TIME, SECURITY_CUSTOM, SECURITY_DISABLE)
from ..utils import process_lock
_LOGGER = logging.getLogger(__name__)
@@ -121,14 +121,21 @@ class DockerAddon(DockerInterface):
@property
def security_opt(self):
"""Controlling security opt."""
privileged = self.addon.privileged or []
security = []
# Disable AppArmor sinse it make troubles wit SYS_ADMIN
if 'SYS_ADMIN' in privileged:
return [
"apparmor:unconfined",
]
return None
# AppArmor
if self.addon.apparmor == SECURITY_DISABLE:
security.append("apparmor:unconfined")
elif self.addon.apparmor == SECURITY_DEFAULT:
security.append(f"apparmor={self.addon.slug}")
# Seccomp
if self.addon.seccomp == SECURITY_DISABLE:
security.append("seccomp=unconfined")
elif self.addon.seccomp == SECURITY_CUSTOM:
security.append(f"seccomp={self.addon.path_seccomp}")
return security or None
@property
def tmpfs(self):
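Review bot: `SECURITY_DEFAULT` is used in the AppArmor branch of `security_opt` (`elif self.addon.apparmor == SECURITY_DEFAULT:`), but the import hunk only adds `SECURITY_CUSTOM` and `SECURITY_DISABLE`, so unless the name is defined elsewhere in the module, the property raises `NameError` for any add-on whose AppArmor setting is not disabled. The seccomp branch selects its per-add-on profile on `SECURITY_CUSTOM`, which suggests the AppArmor line was meant to read `elif self.addon.apparmor == SECURITY_CUSTOM:`; if the default case really should load a slug-named profile, then add `SECURITY_DEFAULT` to the `..const` import instead. The two opt-out strings also use different separators (`"apparmor:unconfined"` and `"seccomp=unconfined"`), and writing both with `=` would keep the list uniform. It is also worth confirming that the container-create call accepts a file path in `seccomp=`, because the docker CLI reads the profile file itself and sends its JSON content to the daemon, so a path passed through the API may be rejected.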