From 966892bc1bc9128968d3c951727000e063a19eda Mon Sep 17 00:00:00 2001 From: Fredrik Baberg Date: Mon, 27 Jun 2022 17:40:11 +0200 Subject: [PATCH] Update apparmor profile --- 3dprinter-octoprint/apparmor.txt | 25 ++++++++++++++++--- 3dprinter-octoprint/config.yaml | 2 +- .../rootfs/etc/cont-init.d/nginx.sh | 2 -- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/3dprinter-octoprint/apparmor.txt b/3dprinter-octoprint/apparmor.txt index bc9e4b8..ec5f34e 100644 --- a/3dprinter-octoprint/apparmor.txt +++ b/3dprinter-octoprint/apparmor.txt @@ -27,10 +27,6 @@ profile 3dprinter-octoprint flags=(attach_disconnected,mediate_deleted) { # Access to options.json and other files within your addon /data/** rw, - # nginx - /var/lib/nginx/** ix, - /var/log/nginx/** rw, - # Start new profile for service # /usr/bin/my_program cx -> my_program, @@ -58,4 +54,25 @@ profile 3dprinter-octoprint flags=(attach_disconnected,mediate_deleted) { # /etc/passwd r, # /dev/tty rw, # } + + # Start new profile for service + /usr/sbin/nginx cx -> nginx, + profile nginx flags=(attach_disconnected,mediate_deleted) { + #include + + # Receive signals from S6-Overlay + signal (receive) peer=*_example, + + /usr/sbin/nginx r, + /bin/bash rix, + /bin/echo ix, + /etc/passwd r, + /dev/tty rw, + + /var/log/nginx/access.log w, + /var/log/nginx/error.log w, + + # Allow capability CAP_CHOWN + capability chown, + } } \ No newline at end of file diff --git a/3dprinter-octoprint/config.yaml b/3dprinter-octoprint/config.yaml index a97677c..1e0e896 100644 --- a/3dprinter-octoprint/config.yaml +++ b/3dprinter-octoprint/config.yaml @@ -1,5 +1,5 @@ name: "3DPrinter-OctoPrint" -version: "2022.6.023" +version: "2022.6.024" slug: "3dprinter-octoprint" description: "New instance of OctoPrint" url: "https://github.com/fredrikbaberg/home-assistant-addons/tree/main/3dprinter-octoprint" 
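Review bot: In the second `apparmor.txt` hunk (`@@ -58,4 +54,25 @@`), the new `nginx` child profile still carries a template placeholder. `signal (receive) peer=*_example,` names a peer ending in `_example`, which does not match the enclosing `3dprinter-octoprint` profile, so the rule probably does not admit the S6-Overlay signals its comment describes. It should presumably read `signal (receive) peer=*_3dprinter-octoprint,`. The same block grants `/bin/bash rix,` and `/bin/echo ix,` to the confined web server, which leaves a shell executable from inside the nginx profile; unless nginx is launched through a bash wrapper under this profile, drop both lines. The block also shows no read rule for the nginx configuration (for example the `/etc/nginx/sites-enabled/ingress.conf` that `nginx.sh` writes) and nothing under `/var/lib/nginx`, so unless the `#include` line covers them, run the add-on with the profile enforced and check the audit log for denials.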
diff --git a/3dprinter-octoprint/rootfs/etc/cont-init.d/nginx.sh b/3dprinter-octoprint/rootfs/etc/cont-init.d/nginx.sh index c72ff47..483c712 100644 --- a/3dprinter-octoprint/rootfs/etc/cont-init.d/nginx.sh +++ b/3dprinter-octoprint/rootfs/etc/cont-init.d/nginx.sh @@ -9,13 +9,11 @@ bashio::log.info "nginx cont-init.d" ingress_entry=$(bashio::addon.ingress_entry) export ingress_entry=${ingress_entry} - tempio \ -conf /data/options.json \ -template /usr/share/tempio/ingress.conf \ -out /etc/nginx/sites-enabled/ingress.conf - tempio \ -conf /data/options.json \ -template /usr/share/tempio/webui.conf \