From 5f23e26197e8b0eff5444f9ba8a6f41e509efef6 Mon Sep 17 00:00:00 2001
From: Fredrik Baberg
Date: Mon, 27 Jun 2022 17:13:57 +0200
Subject: [PATCH] Add nginx to apparmor
---
 3dprinter-octoprint/apparmor.txt | 52 ++++++++++---------
 3dprinter-octoprint/config.yaml | 2 +-
 .../rootfs/etc/services.d/nginx/finish | 2 +-
 .../rootfs/etc/services.d/octoprint/finish | 2 +-
 4 files changed, 31 insertions(+), 27 deletions(-)
diff --git a/3dprinter-octoprint/apparmor.txt b/3dprinter-octoprint/apparmor.txt
index f3a1862..bc9e4b8 100644
--- a/3dprinter-octoprint/apparmor.txt
+++ b/3dprinter-octoprint/apparmor.txt
@@ -27,31 +27,35 @@ profile 3dprinter-octoprint flags=(attach_disconnected,mediate_deleted) { # Access to options.json and other files within your addon /data/** rw, + # nginx + /var/lib/nginx/** ix, + /var/log/nginx/** rw, + # Start new profile for service # /usr/bin/my_program cx -> my_program, - profile my_program flags=(attach_disconnected,mediate_deleted) { - #include - - # Receive signals from S6-Overlay - signal (receive) peer=*_example, - - # Access to options.json and other files within your addon - /data/** rw, - - # Access to mapped volumes specified in config.json - /share/** rw, - - # Access required for service functionality - # Note: List was built by doing the following: - # 1. Add what is obviously needed based on what is in the script - # 2. Add `complain` as a flag to this profile temporarily and run the addon - # 3. Review the audit log with `journalctl _TRANSPORT="audit" -g 'apparmor="ALLOWED"'` and add other access as needed - # Remember to remove the `complain` flag when you are done - # /usr/bin/my_program r, - /bin/bash rix, - /bin/echo ix, - /etc/passwd r, - /dev/tty rw, - } + # profile my_program flags=(attach_disconnected,mediate_deleted) { + # #include + # + # # Receive signals from S6-Overlay + # signal (receive) peer=*_example, + # + # # Access to options.json and other files within your addon + # /data/** rw, + # + # # Access to mapped volumes specified in config.json + # /share/** rw, + # + # # Access required for service functionality + # # Note: List was built by doing the following: + # # 1. Add what is obviously needed based on what is in the script + # # 2. Add `complain` as a flag to this profile temporarily and run the addon + # # 3. 
Review the audit log with `journalctl _TRANSPORT="audit" -g 'apparmor="ALLOWED"'` and add other access as needed + # # Remember to remove the `complain` flag when you are done + # # /usr/bin/my_program r, + # /bin/bash rix, + # /bin/echo ix, + # /etc/passwd r, + # /dev/tty rw, + # } } \ No newline at end of file diff --git a/3dprinter-octoprint/config.yaml b/3dprinter-octoprint/config.yaml index 4344dd9..a97677c 100644 --- a/3dprinter-octoprint/config.yaml +++ b/3dprinter-octoprint/config.yaml @@ -1,5 +1,5 @@ name: "3DPrinter-OctoPrint" -version: "2022.6.022" +version: "2022.6.023" slug: "3dprinter-octoprint" description: "New instance of OctoPrint" url: "https://github.com/fredrikbaberg/home-assistant-addons/tree/main/3dprinter-octoprint" diff --git a/3dprinter-octoprint/rootfs/etc/services.d/nginx/finish b/3dprinter-octoprint/rootfs/etc/services.d/nginx/finish index b03a9cf..37c01b9 100644 --- a/3dprinter-octoprint/rootfs/etc/services.d/nginx/finish +++ b/3dprinter-octoprint/rootfs/etc/services.d/nginx/finish @@ -1,6 +1,6 @@ #!/usr/bin/env bashio # ============================================================================== -# Take down the S6 supervision tree when example fails +# Take down the S6 supervision tree when proxy fails # s6-overlay docs: https://github.com/just-containers/s6-overlay # ============================================================================== diff --git a/3dprinter-octoprint/rootfs/etc/services.d/octoprint/finish b/3dprinter-octoprint/rootfs/etc/services.d/octoprint/finish index 9f37aa6..6c5b489 100644 --- a/3dprinter-octoprint/rootfs/etc/services.d/octoprint/finish +++ b/3dprinter-octoprint/rootfs/etc/services.d/octoprint/finish 
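Review bot: The added rule `/var/lib/nginx/** ix,` grants execute (inheriting this profile) on everything under nginx's state directory and grants no read or write, which looks like the wrong mode for a path nginx normally uses for temp and cache files. If the intent is to let nginx keep its working files there, `/var/lib/nginx/** rw,` is the narrower rule, and execute permission should be limited to the nginx binary at its actual path, which is not visible in this hunk. As far as the hunk shows, no child profile is in use (the `my_program` template is now fully commented out), so nginx runs with the parent profile's permissions, including `/data/** rw,`; a dedicated child profile entered through a `cx ->` transition would confine the proxy separately from OctoPrint. A one-line comment above each nginx rule saying what the path is used for would make the next audit of this profile easier. The profile's opening lines lie outside the hunk, so rules already present there cannot be ruled out.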
@@ -1,6 +1,6 @@ #!/usr/bin/env bashio # ============================================================================== -# Take down the S6 supervision tree when example fails +# Take down the S6 supervision tree when octoprint fails # s6-overlay docs: https://github.com/just-containers/s6-overlay # ==============================================================================