Add apparmor

Fredrik Baberg 2023-03-02 14:56:14 +01:00
parent 0829344b9b
commit 39205aca35
3 changed files with 24 additions and 16 deletions


@ -1,6 +1,6 @@
# Startup # Startup
Set a network port in addon settings, to be able to access the WebUI. Set a network port in addon settings to be able to access the WebUI.
# Addon configuration # Addon configuration
@ -28,7 +28,7 @@ Note that this method **only allows for snapshot**, it does **NOT** work for cam
# Ingress? # Ingress?
This addon drops support for Ingress. The main reason for this is issues with finding a working configuration. This add-on drops support for Ingress. The main reason for this is issues with finding a working configuration.
* An update to OctoPrint increased the security (which is good!). Unfortunately it also broke the configuration used in this addon, most likely due to this addon not behaving properly. * An update to OctoPrint increased the security (which is good!). Unfortunately it also broke the configuration used in this addon, most likely due to this addon not behaving properly.
* There has been issues with accessing camera stream by Ingress since I added support for it, which I have not been able to solve. * There has been issues with accessing camera stream by Ingress since I added support for it, which I have not been able to solve.


@ -32,20 +32,26 @@ profile 3dprinter-octoprint flags=(attach_disconnected,mediate_deleted) {
profile caddy flags=(attach_disconnected,mediate_deleted) { profile caddy flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base> #include <abstractions/base>
# Receive signals from S6-Overlay # Receive signals from S6-Overlay
signal (receive) peer=*_3dprinter-octoprint, signal (receive) peer=*_3dprinter-octoprint,
capability dac_override, capability dac_override,
owner /usr/bin/caddy rm,
@{HOME}/.step/ w,
@{PROC}/*/cpuset r, @{PROC}/*/cpuset r,
@{PROC}/sys/net/** r, @{PROC}/sys/net/** r,
/data/config/caddy/** rw,
/etc/** r, /etc/** r,
/etc/caddy/** rw, owner /etc/caddy/ kwr,
/sys/devices/virtual/** r, owner /etc/caddy/** kwrml,
/usr/bin/caddy rm,
/var/log/** rw, /var/log/caddy/ r,
@{HOME}/.step/ w, owner /var/log/caddy/ kwr,
owner /var/log/caddy/** kwrml,
owner /data/config/caddy/ kwr,
owner /data/config/caddy/** kwrml,
} }
} }
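Review bot: The `owner /etc/caddy/** kwrml`, `owner /var/log/caddy/** kwrml` and `owner /data/config/caddy/** kwrml` rules, which appear to be on the new side, grant `m` (executable mapping) and `l` on the same paths they make writable. Anything the proxy can write into its config, log or data directories it may then also map as code. Unless caddy is known to need that, lock plus read/write is enough, e.g. `owner /var/log/caddy/** rwk,` and likewise for the other two trees. The caddy profile also still carries `capability dac_override` and `/etc/** r`, which sit oddly next to the tighter `owner` rules; either narrow them or add a comment such as `# dac_override: needed because <reason>` so the next reader knows they are deliberate. The enclosing `3dprinter-octoprint` profile starts outside this hunk, so its own rules are not reviewed here.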


@ -1,5 +1,5 @@
name: "3DPrinter-OctoPrint" name: "3DPrinter-OctoPrint"
version: "2023.02.0" version: "2023.02.1"
slug: "3dprinter-octoprint" slug: "3dprinter-octoprint"
description: "OctoPrint as an addon, no additional bells and whistles." description: "OctoPrint as an addon, no additional bells and whistles."
arch: arch:
@ -14,10 +14,12 @@ ports:
ports_description: ports_description:
5000/tcp: Web-based interface 5000/tcp: Web-based interface
devices: devices:
- "/dev/mem" - "/dev/i2c-0"
# - "/dev/gpiomem" - "/dev/i2c-1"
privileged: # - "/dev/mem"
- SYS_RAWIO # - "/dev/gpiomem"
# privileged:
# - SYS_RAWIO
# apparmor: false # apparmor: false
gpio: true gpio: true
usb: true usb: true
@ -30,7 +32,7 @@ schema:
trusted_proxies: "str?" trusted_proxies: "str?"
# camera_url: "url?" # camera_url: "url?"
# mode: "list(normal|recovery|reverse_proxy_test|camera)?" # mode: "list(normal|recovery|reverse_proxy_test|camera)?"
image: ghcr.io/fredrikbaberg/ha-addon-3dprinter-octoprint-{arch} # image: ghcr.io/fredrikbaberg/ha-addon-3dprinter-octoprint-{arch}
# codenotary: # codenotary:
tmpfs: true tmpfs: true
# ingress: false # ingress: false
@ -39,4 +41,4 @@ panel_icon: mdi:printer-3d
panel_title: 3DPrinter-OctoPrint panel_title: 3DPrinter-OctoPrint
stage: experimental stage: experimental
init: false init: false
realtime: true # realtime: true
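Review bot: The old `/dev/mem` and `SYS_RAWIO` entries in the `devices:`/`privileged:` hunk are left behind as commented-out lines with no explanation, so a later edit could re-enable raw physical-memory access without realising what it grants. Either delete them or put a comment above them, such as `# /dev/mem + SYS_RAWIO intentionally not requested: they expose raw physical memory to the container`. The AppArmor section on this page shows only the caddy sub-profile, so it is worth confirming that the main profile permits `/dev/i2c-0` and `/dev/i2c-1`; if it does not, the devices are mapped but access is still denied. The same section comments out `image:` and `realtime:` without a stated reason, and a short comment on each would help.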