Add apparmor

3dprinter-octoprint/DOCS.md

@@ -1,6 +1,6 @@
 # Startup
 
-Set a network port in addon settings, to be able to access the WebUI.
+Set a network port in addon settings to be able to access the WebUI.
 
 # Addon configuration
 
@@ -28,7 +28,7 @@ Note that this method **only allows for snapshot**, it does **NOT** work for cam
 
 # Ingress?
 
-This addon drops support for Ingress. The main reason for this is issues with finding a working configuration.
+This add-on drops support for Ingress. The main reason for this is issues with finding a working configuration.
 
 * An update to OctoPrint increased the security (which is good!). Unfortunately it also broke the configuration used in this addon, most likely due to this addon not behaving properly.
 * There has been issues with accessing camera stream by Ingress since I added support for it, which I have not been able to solve.

3dprinter-octoprint/apparmor.txt

@@ -32,20 +32,26 @@ profile 3dprinter-octoprint flags=(attach_disconnected,mediate_deleted) {
   
   profile caddy flags=(attach_disconnected,mediate_deleted) {
     #include <abstractions/base>
-  
+
     # Receive signals from S6-Overlay
     signal (receive) peer=*_3dprinter-octoprint,
 
     capability dac_override,
 
+    owner /usr/bin/caddy rm,
+    @{HOME}/.step/ w,
     @{PROC}/*/cpuset r,
     @{PROC}/sys/net/** r,
-    /data/config/caddy/** rw,
+
     /etc/** r,
-    /etc/caddy/** rw,
-    /sys/devices/virtual/** r,
-    /usr/bin/caddy rm,
-    /var/log/** rw,
-    @{HOME}/.step/ w,
+    owner /etc/caddy/ kwr,
+    owner /etc/caddy/** kwrml,
+
+    /var/log/caddy/ r,
+    owner /var/log/caddy/ kwr,
+    owner /var/log/caddy/** kwrml,
+    
+    owner /data/config/caddy/ kwr,
+    owner /data/config/caddy/** kwrml,
   }
 }

3dprinter-octoprint/config.yaml

@@ -1,5 +1,5 @@
 name: "3DPrinter-OctoPrint"
-version: "2023.02.0"
+version: "2023.02.1"
 slug: "3dprinter-octoprint"
 description: "OctoPrint as an addon, no additional bells and whistles."
 arch:
@@ -14,10 +14,12 @@ ports:
 ports_description:
   5000/tcp: Web-based interface
 devices:
-  - "/dev/mem"
-#   - "/dev/gpiomem"
-privileged:
-  - SYS_RAWIO
+  - "/dev/i2c-0"
+  - "/dev/i2c-1"
+# - "/dev/mem"
+# - "/dev/gpiomem"
+# privileged:
+#   - SYS_RAWIO
 # apparmor: false
 gpio: true
 usb: true
@@ -30,7 +32,7 @@ schema:
   trusted_proxies: "str?"
   # camera_url: "url?"
   # mode: "list(normal|recovery|reverse_proxy_test|camera)?"
-image: ghcr.io/fredrikbaberg/ha-addon-3dprinter-octoprint-{arch}
+# image: ghcr.io/fredrikbaberg/ha-addon-3dprinter-octoprint-{arch}
 # codenotary:
 tmpfs: true
 # ingress: false
@@ -39,4 +41,4 @@ panel_icon: mdi:printer-3d
 panel_title: 3DPrinter-OctoPrint
 stage: experimental
 init: false
-realtime: true
+# realtime: true