Update with proper configuration

netalertx/apparmor.txt

@@ -7,31 +7,15 @@ profile netalertx_addon flags=(attach_disconnected,mediate_deleted) {
   file,
   signal,
   mount,
-  umount,
   remount,
-  network udp,
-  network tcp,
-  network dgram,
-  network stream,
-  network inet,
-  network inet6,
-  network netlink raw,
-  network unix dgram,
+  umount,
+  network,
+  ptrace,
 
-  capability setgid,
-  capability setuid,
-  capability sys_admin,
-  capability dac_read_search,
-  # capability dac_override,
-  # capability sys_rawio,
-
-# S6-Overlay
   /init ix,
   /run/{s6,s6-rc*,service}/** ix,
   /package/** ix,
   /command/** ix,
-  /run/{,**} rwk,
-  /dev/tty rw,
   /bin/** ix,
   /usr/bin/** ix,
   /usr/lib/bashio/** ix,
@@ -40,27 +24,5 @@ profile netalertx_addon flags=(attach_disconnected,mediate_deleted) {
   /etc/services.d/** rwix,
   /etc/cont-init.d/** rwix,
   /etc/cont-finish.d/** rwix,
-  /init rix,
-  /var/run/** mrwkl,
-  /var/run/ mrwkl,
-  /dev/i2c-1 mrwkl,
-  # Files required
-  /dev/fuse mrwkl,
-  /dev/sda1 mrwkl,
-  /dev/sdb1 mrwkl,
-  /dev/nvme0 mrwkl,
-  /dev/nvme1 mrwkl,
-  /dev/mmcblk0p1 mrwkl,
-  /dev/* mrwkl,
-  /tmp/** mrkwl,
-
-  # Data access
-  /data/** rw,
-
-  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
-  ptrace (trace,read) peer=docker-default,
-
-  # docker daemon confinement requires explict allow rule for signal
-  signal (receive) set=(kill,term) peer=/usr/bin/docker,
-
 }
+

netalertx/config.yaml

@@ -1,48 +1,34 @@
 arch:
   - aarch64
   - amd64
-description: "\U0001F5A7\U0001F50D WIFI / LAN scanner, intruder, and presence detector"
-environment:
-  PGID: "20211"
-  PORT: "20211"
-  PUID: "20211"
-  TZ: Europe/Berlin
-  NETALERTX_DATA: /config
-  NETALERTX_CONFIG: /config/config
-  NETALERTX_DB: /config/db
-  TMP_DIR: /tmp/tmp
-  NETALERTX_CONFIG_FILE: /config/config/app.conf
-  NETALERTX_DB_FILE: /config/db/app.db
+description: "\U0001F5A7\U0001F50D Centralized network visibility and continuous asset discovery."
 hassio_api: true
 host_network: true
 image: ghcr.io/alexbelgium/netalertx-{arch}
 ingress: true
-ingress_port: 0
+ingress_port: 20211
 ingress_stream: true
 init: false
 map:
-  - addon_config:rw
-  - media:rw
-  - share:rw
-  - ssl
+  - config:rw
 name: NetAlertX
-options:
-  env_vars: []
 panel_icon: mdi:wifi-check
 ports:
   20211/tcp: 20211
   20212/tcp: 20212
 ports_description:
-  20211/tcp: WebUI port
-  20212/tcp: GraphQL port
+  20211/tcp: NetAlertX WebUI port
+  20212/tcp: GraphQL & MCP port
 privileged:
   - NET_ADMIN
   - NET_RAW
+environment:
+  PUID: "20211"
+  PGID: "20211"
+  TZ: Atlantic/Reykjavik
+  # Home assistant grants excessive priviliges and does not support application integrity
+  SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh
 schema:
-  env_vars:
-    - name: match(^[A-Za-z0-9_]+$)
-      value: str?
-  APP_CONF_OVERRIDE: str?
   TZ: str?
 services:
   - mqtt:want
@@ -50,4 +36,4 @@ slug: netalertx
 tmpfs: true
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "26.2.6-4"
+version: "26.3.16-1"

netalertx/rootfs/etc/cont-init.d/91-configure.sh

@@ -6,12 +6,11 @@ set -e
 # Update structure #
 ####################
 
-APP_UID=20211
 
 # 1. Fix the directories
-for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "$TMP_DIR" "$NETALERTX_DATA" "$NETALERTX_DB" "$NETALERTX_CONFIG"; do
+for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "${TMP_DIR:-/tmp}" "${NETALERTX_DATA:-/data}" "${NETALERTX_DB:-/data/db}" "${NETALERTX_CONFIG:-/data/config}"; do
     mkdir -p "$folder"
-    chown -R $APP_UID:$APP_UID "$folder"
+    chown -R ${PUID}:${PGID} "$folder"
     chmod -R 755 "$folder"
 done
 
@@ -22,13 +21,17 @@ chmod 666 /dev/stdout /dev/stderr
 
 # 3. Pre-create and chown log files
 touch /tmp/log/app.php_errors.log /tmp/log/cron.log /tmp/log/stdout.log /tmp/log/stderr.log
-chown $APP_UID:$APP_UID /tmp/log/*.log
+chown ${PUID}:${PGID} /tmp/log/*.log
 
 # 4. Create Symlinks
 for item in db config; do
+    # ADD THESE TWO LINES: Ensure the target exists and is owned by 20211
+    mkdir -p "/config/$item"
+    chown -R ${PUID}:${PGID} "/config/$item"
+
     rm -rf "/data/$item"
     ln -sf "/config/$item" "/data/$item"
-    chown -R $APP_UID:$APP_UID "/data/$item"
+    chown -R ${PUID}:${PGID} "/data/$item"
     chmod -R 755 "/data/$item"
 done
 

netalertx/rootfs/etc/cont-init.d/99-run.sh

@@ -3,4 +3,4 @@
 set -e
 
 bashio::log.info "Starting upstream app"
-gosu netalertx /entrypoint.sh
+/root-entrypoint.sh