From 1ebaf6e0118fd0f5b2c1f19e03dfec99af421ef0 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 16 Mar 2026 15:04:32 -0400 Subject: [PATCH 01/16] Update with proper configuration --- netalertx/apparmor.txt | 46 ++----------------- netalertx/config.yaml | 38 +++++---------- .../rootfs/etc/cont-init.d/91-configure.sh | 13 ++++-- netalertx/rootfs/etc/cont-init.d/99-run.sh | 2 +- 4 files changed, 25 insertions(+), 74 deletions(-) diff --git a/netalertx/apparmor.txt b/netalertx/apparmor.txt index f6d83b215..c025dcf76 100644 --- a/netalertx/apparmor.txt +++ b/netalertx/apparmor.txt @@ -7,31 +7,15 @@ profile netalertx_addon flags=(attach_disconnected,mediate_deleted) { file, signal, mount, - umount, remount, - network udp, - network tcp, - network dgram, - network stream, - network inet, - network inet6, - network netlink raw, - network unix dgram, + umount, + network, + ptrace, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, - -# S6-Overlay /init ix, /run/{s6,s6-rc*,service}/** ix, /package/** ix, /command/** ix, - /run/{,**} rwk, - /dev/tty rw, /bin/** ix, /usr/bin/** ix, /usr/lib/bashio/** ix, @@ -40,27 +24,5 @@ profile netalertx_addon flags=(attach_disconnected,mediate_deleted) { /etc/services.d/** rwix, /etc/cont-init.d/** rwix, /etc/cont-finish.d/** rwix, - /init rix, - /var/run/** mrwkl, - /var/run/ mrwkl, - /dev/i2c-1 mrwkl, - # Files required - /dev/fuse mrwkl, - /dev/sda1 mrwkl, - /dev/sdb1 mrwkl, - /dev/nvme0 mrwkl, - /dev/nvme1 mrwkl, - /dev/mmcblk0p1 mrwkl, - /dev/* mrwkl, - /tmp/** mrkwl, - - # Data access - /data/** rw, - - # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container - ptrace (trace,read) peer=docker-default, - - # docker daemon confinement requires explict allow rule for signal - signal (receive) set=(kill,term) peer=/usr/bin/docker, - } + diff --git a/netalertx/config.yaml b/netalertx/config.yaml index a9915e7a8..587e3f27f 100644 --- a/netalertx/config.yaml +++ b/netalertx/config.yaml @@ -1,48 +1,34 @@ arch: - aarch64 - amd64 -description: "\U0001F5A7\U0001F50D WIFI / LAN scanner, intruder, and presence detector" -environment: - PGID: "20211" - PORT: "20211" - PUID: "20211" - TZ: Europe/Berlin - NETALERTX_DATA: /config - NETALERTX_CONFIG: /config/config - NETALERTX_DB: /config/db - TMP_DIR: /tmp/tmp - NETALERTX_CONFIG_FILE: /config/config/app.conf - NETALERTX_DB_FILE: /config/db/app.db +description: "\U0001F5A7\U0001F50D Centralized network visibility and continuous asset discovery." hassio_api: true host_network: true image: ghcr.io/alexbelgium/netalertx-{arch} ingress: true -ingress_port: 0 +ingress_port: 20211 ingress_stream: true init: false map: - - addon_config:rw - - media:rw - - share:rw - - ssl + - config:rw name: NetAlertX -options: - env_vars: [] panel_icon: mdi:wifi-check ports: 20211/tcp: 20211 20212/tcp: 20212 ports_description: - 20211/tcp: WebUI port - 20212/tcp: GraphQL port + 20211/tcp: NetAlertX WebUI port + 20212/tcp: GraphQL & MCP port privileged: - NET_ADMIN - NET_RAW +environment: + PUID: "20211" + PGID: "20211" + TZ: Atlantic/Reykjavik + # Home assistant grants excessive priviliges and does not support application integrity + SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh schema: - env_vars: - - name: match(^[A-Za-z0-9_]+$) - value: str? - APP_CONF_OVERRIDE: str? TZ: str? services: - mqtt:want @@ -50,4 +36,4 @@ slug: netalertx tmpfs: true udev: true url: https://github.com/alexbelgium/hassio-addons -version: "26.2.6-4" +version: "26.3.16-1" diff --git a/netalertx/rootfs/etc/cont-init.d/91-configure.sh b/netalertx/rootfs/etc/cont-init.d/91-configure.sh index f4840cdfa..d5f7626c4 100755 --- a/netalertx/rootfs/etc/cont-init.d/91-configure.sh +++ b/netalertx/rootfs/etc/cont-init.d/91-configure.sh @@ -6,12 +6,11 @@ set -e # Update structure # #################### -APP_UID=20211 # 1. Fix the directories -for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "$TMP_DIR" "$NETALERTX_DATA" "$NETALERTX_DB" "$NETALERTX_CONFIG"; do +for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "${TMP_DIR:-/tmp}" "${NETALERTX_DATA:-/data}" "${NETALERTX_DB:-/data/db}" "${NETALERTX_CONFIG:-/data/config}"; do mkdir -p "$folder" - chown -R $APP_UID:$APP_UID "$folder" + chown -R ${PUID}:${PGID} "$folder" chmod -R 755 "$folder" done @@ -22,13 +21,17 @@ chmod 666 /dev/stdout /dev/stderr # 3. Pre-create and chown log files touch /tmp/log/app.php_errors.log /tmp/log/cron.log /tmp/log/stdout.log /tmp/log/stderr.log -chown $APP_UID:$APP_UID /tmp/log/*.log +chown ${PUID}:${PGID} /tmp/log/*.log # 4. Create Symlinks for item in db config; do + # ADD THESE TWO LINES: Ensure the target exists and is owned by 20211 + mkdir -p "/config/$item" + chown -R ${PUID}:${PGID} "/config/$item" + rm -rf "/data/$item" ln -sf "/config/$item" "/data/$item" - chown -R $APP_UID:$APP_UID "/data/$item" + chown -R ${PUID}:${PGID} "/data/$item" chmod -R 755 "/data/$item" done diff --git a/netalertx/rootfs/etc/cont-init.d/99-run.sh b/netalertx/rootfs/etc/cont-init.d/99-run.sh index 1675ed83e..1d3c36d8b 100755 --- a/netalertx/rootfs/etc/cont-init.d/99-run.sh +++ b/netalertx/rootfs/etc/cont-init.d/99-run.sh @@ -3,4 +3,4 @@ set -e bashio::log.info "Starting upstream app" -gosu netalertx /entrypoint.sh +/root-entrypoint.sh From 382988a9e7481321fa1fd8f1afe5772140f020de Mon Sep 17 00:00:00 2001 From: root Date: Mon, 16 Mar 2026 16:15:40 -0400 Subject: [PATCH 02/16] lint issues --- netalertx/rootfs/etc/cont-init.d/91-configure.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/netalertx/rootfs/etc/cont-init.d/91-configure.sh b/netalertx/rootfs/etc/cont-init.d/91-configure.sh index d5f7626c4..732aac1cc 100755 --- a/netalertx/rootfs/etc/cont-init.d/91-configure.sh +++ b/netalertx/rootfs/etc/cont-init.d/91-configure.sh @@ -10,7 +10,7 @@ set -e # 1. Fix the directories for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "${TMP_DIR:-/tmp}" "${NETALERTX_DATA:-/data}" "${NETALERTX_DB:-/data/db}" "${NETALERTX_CONFIG:-/data/config}"; do mkdir -p "$folder" - chown -R ${PUID}:${PGID} "$folder" + chown -R "${PUID}":"${PGID}" "$folder" chmod -R 755 "$folder" done @@ -21,17 +21,17 @@ chmod 666 /dev/stdout /dev/stderr # 3. Pre-create and chown log files touch /tmp/log/app.php_errors.log /tmp/log/cron.log /tmp/log/stdout.log /tmp/log/stderr.log -chown ${PUID}:${PGID} /tmp/log/*.log +chown "${PUID}":"${PGID}" /tmp/log/*.log # 4. Create Symlinks for item in db config; do # ADD THESE TWO LINES: Ensure the target exists and is owned by 20211 mkdir -p "/config/$item" - chown -R ${PUID}:${PGID} "/config/$item" + chown -R "${PUID}":"${PGID}" "/config/$item" rm -rf "/data/$item" ln -sf "/config/$item" "/data/$item" - chown -R ${PUID}:${PGID} "/data/$item" + chown -R "${PUID}":"${PGID}" "/data/$item" chmod -R 755 "/data/$item" done From 0ed5974d1a72877b20a8c9e67299621688efcae9 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 06:06:28 +0000 Subject: [PATCH 03/16] GitHub bot: changelog --- netalertx/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netalertx/CHANGELOG.md b/netalertx/CHANGELOG.md index 46965c413..0d9f6fbe2 100644 --- a/netalertx/CHANGELOG.md +++ b/netalertx/CHANGELOG.md @@ -1,3 +1,5 @@ +## 26.3.16-1 (17-03-2026) +- Minor bugs fixed ## 26.3.7-3 (07-03-2026) - Minor bugs fixed ## 26.3.7-2 (07-03-2026) From 34ea41913e60f55e600e08c3e8088290a45101c8 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Tue, 17 Mar 2026 08:27:07 +0100 Subject: [PATCH 04/16] Use /config for location to allow access --- netalertx/config.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/netalertx/config.yaml b/netalertx/config.yaml index 587e3f27f..c7dc40a2b 100644 --- a/netalertx/config.yaml +++ b/netalertx/config.yaml @@ -25,10 +25,15 @@ privileged: environment: PUID: "20211" PGID: "20211" - TZ: Atlantic/Reykjavik - # Home assistant grants excessive priviliges and does not support application integrity + TZ: Europe/Berlin + NETALERTX_DATA: /config + NETALERTX_CONFIG: /config/config + NETALERTX_DB: /config/db SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh schema: + env_vars: + - name: match(^[A-Za-z0-9_]+$) + value: str? TZ: str? services: - mqtt:want @@ -36,4 +41,4 @@ slug: netalertx tmpfs: true udev: true url: https://github.com/alexbelgium/hassio-addons -version: "26.3.16-1" +version: "26.3.16-2" From 317d13c29455278abb4c1aa58c3e6a991456002b Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Tue, 17 Mar 2026 08:29:13 +0100 Subject: [PATCH 05/16] nobuild Added TMP_DIR and updated NETALERTX_CONFIG_FILE and NETALERTX_DB_FILE paths. --- netalertx/config.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/netalertx/config.yaml b/netalertx/config.yaml index c7dc40a2b..c60cc0d8a 100644 --- a/netalertx/config.yaml +++ b/netalertx/config.yaml @@ -26,9 +26,11 @@ environment: PUID: "20211" PGID: "20211" TZ: Europe/Berlin - NETALERTX_DATA: /config NETALERTX_CONFIG: /config/config NETALERTX_DB: /config/db + TMP_DIR: /tmp/tmp + NETALERTX_CONFIG_FILE: /config/config/app.conf + NETALERTX_DB_FILE: /config/db/app.db SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh schema: env_vars: From 8870083a4580422a452737a081f5afbbb7c41cff Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 07:29:21 +0000 Subject: [PATCH 06/16] GitHub bot: changelog --- netalertx/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netalertx/CHANGELOG.md b/netalertx/CHANGELOG.md index 0d9f6fbe2..521081dcc 100644 --- a/netalertx/CHANGELOG.md +++ b/netalertx/CHANGELOG.md @@ -1,3 +1,5 @@ +## 26.3.16-2 (17-03-2026) +- Minor bugs fixed ## 26.3.16-1 (17-03-2026) - Minor bugs fixed ## 26.3.7-3 (07-03-2026) From 92369f460707d8c7d4cfa28a401b542c81fdd03a Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Tue, 17 Mar 2026 08:31:13 +0100 Subject: [PATCH 07/16] nobuild --- netalertx/config.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/netalertx/config.yaml b/netalertx/config.yaml index c60cc0d8a..ed7034a8b 100644 --- a/netalertx/config.yaml +++ b/netalertx/config.yaml @@ -33,9 +33,6 @@ environment: NETALERTX_DB_FILE: /config/db/app.db SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh schema: - env_vars: - - name: match(^[A-Za-z0-9_]+$) - value: str? TZ: str? services: - mqtt:want From 3ae0bbb9ba95cc11e2f36beabc6ac8793445b335 Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Tue, 17 Mar 2026 08:33:19 +0100 Subject: [PATCH 09/16] nobuild corrext --- netalertx/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netalertx/config.yaml b/netalertx/config.yaml index ed7034a8b..a096163ef 100644 --- a/netalertx/config.yaml +++ b/netalertx/config.yaml @@ -10,7 +10,7 @@ ingress_port: 20211 ingress_stream: true init: false map: - - config:rw + - addon_config:rw name: NetAlertX panel_icon: mdi:wifi-check ports: From 3c53e6916113049b969f0e8fd71c45e504b66252 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Mar 2026 07:42:05 +0000 Subject: [PATCH 10/16] Replace blanket capability, with specific capabilities in all AppArmor profiles Remove overly permissive blanket `capability,` rule (grants ALL Linux capabilities) from 107 addon AppArmor profiles. Replace with only the specific capabilities each addon needs based on its config.yaml `privileged` field. Base capabilities for all addons: setuid, setgid, chown, fowner, dac_override Additional capabilities mapped from config.yaml privileged list: - SYS_ADMIN -> sys_admin - DAC_READ_SEARCH -> dac_read_search - NET_ADMIN -> net_admin - NET_RAW -> net_raw - SYS_RAWIO -> sys_rawio - SYS_TIME -> sys_time - SYS_RESOURCE -> sys_resource Addons with full_access: true (portainer_agent) retain blanket capability. Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com> --- arpspoof/apparmor.txt | 14 +++++++------- autobrr/apparmor.txt | 14 +++++++------- baikal/apparmor.txt | 12 +++++------- battybirdnet-pi/apparmor.txt | 14 +++++++------- bazarr/apparmor.txt | 14 +++++++------- binance-trading-bot/apparmor.txt | 14 +++++++------- birdnet-go/apparmor.txt | 15 ++++++++------- birdnet-pi/apparmor.txt | 14 +++++++------- birdnet-pipy/apparmor.txt | 10 +++++----- bitwarden/apparmor.txt | 12 +++++------- booksonic_air/apparmor.txt | 14 +++++++------- browser_chromium/apparmor.txt | 14 +++++++------- browserless_chrome/apparmor.txt | 12 +++++------- calibre/apparmor.txt | 15 ++++++++------- calibre_web/apparmor.txt | 15 ++++++++------- changedetection.io/apparmor.txt | 12 +++++------- cleanuparr/apparmor.txt | 12 +++++------- cloudcommander/apparmor.txt | 14 +++++++------- codex/apparmor.txt | 14 +++++++------- collabora/apparmor.txt | 12 +++++------- comixed/apparmor.txt | 14 +++++++------- elasticsearch/apparmor.txt | 8 +++++--- emby/apparmor.txt | 14 +++++++------- emby_beta/apparmor.txt | 14 +++++++------- enedisgateway2mqtt/apparmor.txt | 8 +++++--- enedisgateway2mqtt_dev/apparmor.txt | 8 +++++--- ente/apparmor.txt | 14 +++++++------- epicgamesfree/apparmor.txt | 12 +++++------- filebrowser/apparmor.txt | 14 +++++++------- filebrowser_quantum/apparmor.txt | 14 +++++++------- fireflyiii/apparmor.txt | 12 +++++------- fireflyiii_data_importer/apparmor.txt | 12 +++++------- fireflyiii_fints_importer/apparmor.txt | 12 +++++------- flaresolverr/apparmor.txt | 12 +++++------- flexget/apparmor.txt | 8 +++++--- free_games_claimer/apparmor.txt | 12 +++++------- gazpar2mqtt/apparmor.txt | 8 +++++--- gitea/apparmor.txt | 12 +++++------- grampsweb/apparmor.txt | 12 +++++------- grav/apparmor.txt | 12 +++++------- guacamole/apparmor.txt | 12 +++++------- immich/apparmor.txt | 14 +++++++------- immich_frame/apparmor.txt | 12 +++++------- immich_power_tools/apparmor.txt | 12 +++++------- inadyn/apparmor.txt | 8 +++++--- jackett/apparmor.txt | 14 +++++++------- jellyfin/apparmor.txt | 15 ++++++++------- joal/apparmor.txt | 8 +++++--- joplin/apparmor.txt | 13 ++++++------- kometa/apparmor.txt | 14 +++++++------- librespeed/apparmor.txt | 12 +++++------- lidarr/apparmor.txt | 14 +++++++------- linkwarden/apparmor.txt | 12 +++++------- maintainerr/apparmor.txt | 12 +++++------- manyfold/apparmor.txt | 6 +++++- mealie/apparmor.txt | 8 +++++--- monica/apparmor.txt | 12 +++++------- mylar3/apparmor.txt | 14 +++++++------- navidrome/apparmor.txt | 14 +++++++------- netalertx/apparmor.txt | 8 +++++++- nextcloud/apparmor.txt | 14 +++++++------- nzbget/apparmor.txt | 14 +++++++------- omni-tools/apparmor.txt | 6 +++++- openproject/apparmor.txt | 12 +++++------- organizr/apparmor.txt | 8 +++++--- photoprism/apparmor.txt | 15 ++++++++------- piwigo/apparmor.txt | 14 +++++++------- plex/apparmor.txt | 14 +++++++------- portainer/apparmor.txt | 8 +++++--- postgres_15/apparmor.txt | 12 +++++------- prowlarr/apparmor.txt | 14 +++++++------- qbittorrent/apparmor.txt | 19 ++++++++----------- radarr/apparmor.txt | 14 +++++++------- readarr/apparmor.txt | 14 +++++++------- requestrr/apparmor.txt | 14 +++++++------- resiliosync/apparmor.txt | 15 ++++++++------- sabnzbd/apparmor.txt | 14 +++++++------- scrutiny/apparmor.txt | 15 ++++++++------- seafile/apparmor.txt | 15 ++++++++------- seerr/apparmor.txt | 12 +++++------- social_to_mealie/apparmor.txt | 12 +++++------- sonarr/apparmor.txt | 14 +++++++------- spotweb/apparmor.txt | 8 +++++--- tandoor_recipes/apparmor.txt | 8 +++++--- tdarr/apparmor.txt | 14 +++++++------- teamspeak/apparmor.txt | 8 +++++--- transmission/apparmor.txt | 14 +++++++------- transmission_openvpn/apparmor.txt | 15 ++++++++------- ubooquity/apparmor.txt | 14 +++++++------- unpackerr/apparmor.txt | 14 +++++++------- webtop_kde/apparmor.txt | 14 +++++++------- webtrees/apparmor.txt | 10 +++++++--- wger/apparmor.txt | 8 +++++--- whatsapper/apparmor.txt | 12 +++++------- whoogle/apparmor.txt | 12 +++++------- xteve/apparmor.txt | 8 +++++--- zoneminder/apparmor.txt | 12 +++++------- zzz_archived_code-server/apparmor.txt | 14 +++++++------- zzz_archived_jellyseerr/apparmor.txt | 12 +++++------- zzz_archived_omada/apparmor.txt | 12 +++++------- zzz_archived_omada_v3/apparmor.txt | 12 +++++------- zzz_archived_ombi/apparmor.txt | 12 +++++------- zzz_archived_overseerr/apparmor.txt | 12 +++++------- zzz_archived_paperless_ngx/apparmor.txt | 14 +++++++------- zzz_archived_papermerge/apparmor.txt | 14 +++++++------- zzz_archived_plex_meta_manager/apparmor.txt | 14 +++++++------- zzz_archived_tor/apparmor.txt | 12 +++++------- 107 files changed, 652 insertions(+), 669 deletions(-) diff --git a/arpspoof/apparmor.txt b/arpspoof/apparmor.txt index b634cbd61..b26a7dcf6 100644 --- a/arpspoof/apparmor.txt +++ b/arpspoof/apparmor.txt @@ -3,7 +3,13 @@ profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/autobrr/apparmor.txt b/autobrr/apparmor.txt index ad452921c..fc964885f 100644 --- a/autobrr/apparmor.txt +++ b/autobrr/apparmor.txt @@ -3,7 +3,13 @@ profile autobrr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile autobrr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/baikal/apparmor.txt b/baikal/apparmor.txt index 21358b76b..d79b8b5d3 100644 --- a/baikal/apparmor.txt +++ b/baikal/apparmor.txt @@ -4,7 +4,11 @@ profile baikal_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -19,12 +23,6 @@ profile baikal_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/battybirdnet-pi/apparmor.txt b/battybirdnet-pi/apparmor.txt index 660a9003f..3177c146b 100644 --- a/battybirdnet-pi/apparmor.txt +++ b/battybirdnet-pi/apparmor.txt @@ -3,7 +3,13 @@ profile battybirdnet-pi_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile battybirdnet-pi_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/bazarr/apparmor.txt b/bazarr/apparmor.txt index a1354079c..fdf3c51e6 100644 --- a/bazarr/apparmor.txt +++ b/bazarr/apparmor.txt @@ -4,7 +4,13 @@ profile bazarr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -19,12 +25,6 @@ profile bazarr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/binance-trading-bot/apparmor.txt b/binance-trading-bot/apparmor.txt index 93d13b450..eed8e03ab 100644 --- a/binance-trading-bot/apparmor.txt +++ b/binance-trading-bot/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_binance-trading-bot flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_binance-trading-bot flags=(attach_disconnected,mediate_deleted) network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/birdnet-go/apparmor.txt b/birdnet-go/apparmor.txt index a8dff32af..64c538a8f 100644 --- a/birdnet-go/apparmor.txt +++ b/birdnet-go/apparmor.txt @@ -3,7 +3,14 @@ profile db21ed7f_birdnet-go flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, + capability sys_resource, file, signal, mount, @@ -18,12 +25,6 @@ profile db21ed7f_birdnet-go flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/birdnet-pi/apparmor.txt b/birdnet-pi/apparmor.txt index 8fcd2487c..dfcc30fa6 100644 --- a/birdnet-pi/apparmor.txt +++ b/birdnet-pi/apparmor.txt @@ -3,7 +3,13 @@ profile birdnet-pi_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile birdnet-pi_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/birdnet-pipy/apparmor.txt b/birdnet-pipy/apparmor.txt index f60a12e43..6827db08a 100644 --- a/birdnet-pipy/apparmor.txt +++ b/birdnet-pipy/apparmor.txt @@ -3,7 +3,11 @@ profile birdnet-pipy_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,10 +22,6 @@ profile birdnet-pipy_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, # S6-Overlay /init ix, diff --git a/bitwarden/apparmor.txt b/bitwarden/apparmor.txt index d6d52bf20..9495ac440 100644 --- a/bitwarden/apparmor.txt +++ b/bitwarden/apparmor.txt @@ -3,7 +3,11 @@ profile bitwarden_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile bitwarden_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/booksonic_air/apparmor.txt b/booksonic_air/apparmor.txt index 96e9a90b3..35d952569 100644 --- a/booksonic_air/apparmor.txt +++ b/booksonic_air/apparmor.txt @@ -3,7 +3,13 @@ profile booksonic-air_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile booksonic-air_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/browser_chromium/apparmor.txt b/browser_chromium/apparmor.txt index 2342b9be5..ca8bb381e 100644 --- a/browser_chromium/apparmor.txt +++ b/browser_chromium/apparmor.txt @@ -3,7 +3,13 @@ profile chromium_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile chromium_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/browserless_chrome/apparmor.txt b/browserless_chrome/apparmor.txt index 57a90e59a..13e198c94 100644 --- a/browserless_chrome/apparmor.txt +++ b/browserless_chrome/apparmor.txt @@ -4,7 +4,11 @@ profile browserlesschrome_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -19,12 +23,6 @@ profile browserlesschrome_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/calibre/apparmor.txt b/calibre/apparmor.txt index bb76028f4..948d3bed3 100644 --- a/calibre/apparmor.txt +++ b/calibre/apparmor.txt @@ -3,7 +3,14 @@ profile calibre_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +25,6 @@ profile calibre_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/calibre_web/apparmor.txt b/calibre_web/apparmor.txt index 0e373b083..0675063e4 100644 --- a/calibre_web/apparmor.txt +++ b/calibre_web/apparmor.txt @@ -3,7 +3,14 @@ profile calibre-web_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +25,6 @@ profile calibre-web_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/changedetection.io/apparmor.txt b/changedetection.io/apparmor.txt index 9de4432d7..70852dde5 100644 --- a/changedetection.io/apparmor.txt +++ b/changedetection.io/apparmor.txt @@ -3,7 +3,11 @@ profile addon_db21ed7f_changedetection.io_nas flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile addon_db21ed7f_changedetection.io_nas flags=(attach_disconnected,mediate network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/cleanuparr/apparmor.txt b/cleanuparr/apparmor.txt index 84b2c153e..8010415bd 100644 --- a/cleanuparr/apparmor.txt +++ b/cleanuparr/apparmor.txt @@ -3,7 +3,11 @@ profile cleanuparr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile cleanuparr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/cloudcommander/apparmor.txt b/cloudcommander/apparmor.txt index a9ad3811d..999db6613 100644 --- a/cloudcommander/apparmor.txt +++ b/cloudcommander/apparmor.txt @@ -3,7 +3,13 @@ profile cloudcommander_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile cloudcommander_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/codex/apparmor.txt b/codex/apparmor.txt index 461e7a160..625bcb420 100644 --- a/codex/apparmor.txt +++ b/codex/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_codex flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_codex flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/collabora/apparmor.txt b/collabora/apparmor.txt index ca7141cd2..2dd21cfed 100644 --- a/collabora/apparmor.txt +++ b/collabora/apparmor.txt @@ -3,7 +3,11 @@ profile collabora_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile collabora_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/comixed/apparmor.txt b/comixed/apparmor.txt index 98e97c11d..e4d623117 100644 --- a/comixed/apparmor.txt +++ b/comixed/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/elasticsearch/apparmor.txt b/elasticsearch/apparmor.txt index 3963223e0..f136fa492 100644 --- a/elasticsearch/apparmor.txt +++ b/elasticsearch/apparmor.txt @@ -3,7 +3,11 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/emby/apparmor.txt b/emby/apparmor.txt index a7ea8b4fd..08bdf4294 100644 --- a/emby/apparmor.txt +++ b/emby/apparmor.txt @@ -3,7 +3,13 @@ profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/emby_beta/apparmor.txt b/emby_beta/apparmor.txt index a7ea8b4fd..08bdf4294 100644 --- a/emby_beta/apparmor.txt +++ b/emby_beta/apparmor.txt @@ -3,7 +3,13 @@ profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/enedisgateway2mqtt/apparmor.txt b/enedisgateway2mqtt/apparmor.txt index 7bfd52e8d..58f98f9c3 100644 --- a/enedisgateway2mqtt/apparmor.txt +++ b/enedisgateway2mqtt/apparmor.txt @@ -3,7 +3,11 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/enedisgateway2mqtt_dev/apparmor.txt b/enedisgateway2mqtt_dev/apparmor.txt index 856f6e948..06379cc7a 100644 --- a/enedisgateway2mqtt_dev/apparmor.txt +++ b/enedisgateway2mqtt_dev/apparmor.txt @@ -3,7 +3,11 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/ente/apparmor.txt b/ente/apparmor.txt index 98e97c11d..e4d623117 100644 --- a/ente/apparmor.txt +++ b/ente/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/epicgamesfree/apparmor.txt b/epicgamesfree/apparmor.txt index bdc6ba571..b5de86355 100644 --- a/epicgamesfree/apparmor.txt +++ b/epicgamesfree/apparmor.txt @@ -3,7 +3,11 @@ profile epicgamesfree_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile epicgamesfree_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/filebrowser/apparmor.txt b/filebrowser/apparmor.txt index 98e97c11d..e4d623117 100644 --- a/filebrowser/apparmor.txt +++ b/filebrowser/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/filebrowser_quantum/apparmor.txt b/filebrowser_quantum/apparmor.txt index 98e97c11d..e4d623117 100644 --- a/filebrowser_quantum/apparmor.txt +++ b/filebrowser_quantum/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/fireflyiii/apparmor.txt b/fireflyiii/apparmor.txt index bfc3c68d1..00c1c466f 100644 --- a/fireflyiii/apparmor.txt +++ b/fireflyiii/apparmor.txt @@ -3,7 +3,11 @@ profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/fireflyiii_data_importer/apparmor.txt b/fireflyiii_data_importer/apparmor.txt index bfc3c68d1..00c1c466f 100644 --- a/fireflyiii_data_importer/apparmor.txt +++ b/fireflyiii_data_importer/apparmor.txt @@ -3,7 +3,11 @@ profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/fireflyiii_fints_importer/apparmor.txt b/fireflyiii_fints_importer/apparmor.txt index a76a290e5..978728d36 100644 --- a/fireflyiii_fints_importer/apparmor.txt +++ b/fireflyiii_fints_importer/apparmor.txt @@ -3,7 +3,11 @@ profile fireflyiii_fints_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile fireflyiii_fints_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/flaresolverr/apparmor.txt b/flaresolverr/apparmor.txt index 423603f78..22c273541 100644 --- a/flaresolverr/apparmor.txt +++ b/flaresolverr/apparmor.txt @@ -3,7 +3,11 @@ profile joplin flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile joplin flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - capability sys_rawio, # S6-Overlay /init ix, diff --git a/flexget/apparmor.txt b/flexget/apparmor.txt index bd606230d..5a2add076 100644 --- a/flexget/apparmor.txt +++ b/flexget/apparmor.txt @@ -3,7 +3,11 @@ profile flexget_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile flexget_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/free_games_claimer/apparmor.txt b/free_games_claimer/apparmor.txt index b26b699bc..558dab15f 100644 --- a/free_games_claimer/apparmor.txt +++ b/free_games_claimer/apparmor.txt @@ -3,7 +3,11 @@ profile free_games_claimer_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile free_games_claimer_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/gazpar2mqtt/apparmor.txt b/gazpar2mqtt/apparmor.txt index 856f6e948..06379cc7a 100644 --- a/gazpar2mqtt/apparmor.txt +++ b/gazpar2mqtt/apparmor.txt @@ -3,7 +3,11 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/gitea/apparmor.txt b/gitea/apparmor.txt index c25695e95..a007b16bf 100644 --- a/gitea/apparmor.txt +++ b/gitea/apparmor.txt @@ -3,7 +3,11 @@ profile gitea_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile gitea_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/grampsweb/apparmor.txt b/grampsweb/apparmor.txt index ddb432d34..b96d415de 100644 --- a/grampsweb/apparmor.txt +++ b/grampsweb/apparmor.txt @@ -3,7 +3,11 @@ profile grampsweb_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile grampsweb_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/grav/apparmor.txt b/grav/apparmor.txt index dac91b9b0..251fa2cb7 100644 --- a/grav/apparmor.txt +++ b/grav/apparmor.txt @@ -3,7 +3,11 @@ profile grav_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile grav_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/guacamole/apparmor.txt b/guacamole/apparmor.txt index 959e2aeeb..963a2b3a5 100644 --- a/guacamole/apparmor.txt +++ b/guacamole/apparmor.txt @@ -3,7 +3,11 @@ profile guacamole_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile guacamole_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/immich/apparmor.txt b/immich/apparmor.txt index 98e97c11d..e4d623117 100644 --- a/immich/apparmor.txt +++ b/immich/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/immich_frame/apparmor.txt b/immich_frame/apparmor.txt index d8a246fd1..617994e6e 100644 --- a/immich_frame/apparmor.txt +++ b/immich_frame/apparmor.txt @@ -3,7 +3,11 @@ profile db21ed7f_immich_frame flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile db21ed7f_immich_frame flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/immich_power_tools/apparmor.txt b/immich_power_tools/apparmor.txt index edb8345af..222f74d15 100644 --- a/immich_power_tools/apparmor.txt +++ b/immich_power_tools/apparmor.txt @@ -3,7 +3,11 @@ profile db21ed7f_immich_power_tools flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile db21ed7f_immich_power_tools flags=(attach_disconnected,mediate_deleted) network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/inadyn/apparmor.txt b/inadyn/apparmor.txt index 856f6e948..06379cc7a 100644 --- a/inadyn/apparmor.txt +++ b/inadyn/apparmor.txt @@ -3,7 +3,11 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/jackett/apparmor.txt b/jackett/apparmor.txt index e48fb0128..992910c81 100644 --- a/jackett/apparmor.txt +++ b/jackett/apparmor.txt @@ -3,7 +3,13 @@ profile jackett_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile jackett_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/jellyfin/apparmor.txt b/jellyfin/apparmor.txt index ab32eaf39..bcd9a1514 100644 --- a/jellyfin/apparmor.txt +++ b/jellyfin/apparmor.txt @@ -3,7 +3,14 @@ profile addon_db21ed7f_jellyfin_nas flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +25,6 @@ profile addon_db21ed7f_jellyfin_nas flags=(attach_disconnected,mediate_deleted) network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability sys_rawio, - capability dac_read_search, - # capability dac_override, # S6-Overlay /init ix, diff --git a/joal/apparmor.txt b/joal/apparmor.txt index 89e23bc88..0e17841ab 100644 --- a/joal/apparmor.txt +++ b/joal/apparmor.txt @@ -3,7 +3,11 @@ profile joal_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile joal_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/joplin/apparmor.txt b/joplin/apparmor.txt index 423603f78..078355e7e 100644 --- a/joplin/apparmor.txt +++ b/joplin/apparmor.txt @@ -3,7 +3,12 @@ profile joplin flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, + capability sys_time, file, signal, mount, @@ -18,12 +23,6 @@ profile joplin flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - capability sys_rawio, # S6-Overlay /init ix, diff --git a/kometa/apparmor.txt b/kometa/apparmor.txt index c690a3a41..408f8b52a 100644 --- a/kometa/apparmor.txt +++ b/kometa/apparmor.txt @@ -3,7 +3,13 @@ profile kometa_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile kometa_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/librespeed/apparmor.txt b/librespeed/apparmor.txt index d9f06e970..397d3d777 100644 --- a/librespeed/apparmor.txt +++ b/librespeed/apparmor.txt @@ -3,7 +3,11 @@ profile librespeed_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile librespeed_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/lidarr/apparmor.txt b/lidarr/apparmor.txt index b3c45a848..79884515a 100644 --- a/lidarr/apparmor.txt +++ b/lidarr/apparmor.txt @@ -3,7 +3,13 @@ profile radarr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile radarr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/linkwarden/apparmor.txt b/linkwarden/apparmor.txt index 7417d344e..40201f7c4 100644 --- a/linkwarden/apparmor.txt +++ b/linkwarden/apparmor.txt @@ -3,7 +3,11 @@ profile linkwarden_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile linkwarden_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/maintainerr/apparmor.txt b/maintainerr/apparmor.txt index cebe37e41..c36ba131c 100644 --- a/maintainerr/apparmor.txt +++ b/maintainerr/apparmor.txt @@ -3,7 +3,11 @@ profile maintainerr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile maintainerr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/manyfold/apparmor.txt b/manyfold/apparmor.txt index 91fcc4abe..2620064ab 100644 --- a/manyfold/apparmor.txt +++ b/manyfold/apparmor.txt @@ -10,7 +10,11 @@ profile hassio-addons/manyfold flags=(attach_disconnected,mediate_deleted) { # denying known high-risk kernel interfaces. file, network, - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, deny /proc/kcore rwklx, deny /proc/sysrq-trigger rwklx, diff --git a/mealie/apparmor.txt b/mealie/apparmor.txt index 4b173ddad..20893cbab 100644 --- a/mealie/apparmor.txt +++ b/mealie/apparmor.txt @@ -3,7 +3,11 @@ profile mealie_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile mealie_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/monica/apparmor.txt b/monica/apparmor.txt index a9d564319..137aca2ae 100644 --- a/monica/apparmor.txt +++ b/monica/apparmor.txt @@ -3,7 +3,11 @@ profile monica_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile monica_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/mylar3/apparmor.txt b/mylar3/apparmor.txt index 5218a8a93..ac181b7ed 100644 --- a/mylar3/apparmor.txt +++ b/mylar3/apparmor.txt @@ -3,7 +3,13 @@ profile mylar3_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile mylar3_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/navidrome/apparmor.txt b/navidrome/apparmor.txt index ee17b6b23..14200b955 100644 --- a/navidrome/apparmor.txt +++ b/navidrome/apparmor.txt @@ -3,7 +3,13 @@ profile navidrome_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile navidrome_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/netalertx/apparmor.txt b/netalertx/apparmor.txt index c025dcf76..723e7e94f 100644 --- a/netalertx/apparmor.txt +++ b/netalertx/apparmor.txt @@ -3,7 +3,13 @@ profile netalertx_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability net_admin, + capability net_raw, + capability setgid, + capability setuid, file, signal, mount, diff --git a/nextcloud/apparmor.txt b/nextcloud/apparmor.txt index c0d67cd07..e475cdd11 100644 --- a/nextcloud/apparmor.txt +++ b/nextcloud/apparmor.txt @@ -3,7 +3,13 @@ profile nextcloud_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile nextcloud_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/nzbget/apparmor.txt b/nzbget/apparmor.txt index 885804f46..7dd4b1406 100644 --- a/nzbget/apparmor.txt +++ b/nzbget/apparmor.txt @@ -3,7 +3,13 @@ profile nzbget_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile nzbget_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/omni-tools/apparmor.txt b/omni-tools/apparmor.txt index 98a6c893f..5792ee418 100644 --- a/omni-tools/apparmor.txt +++ b/omni-tools/apparmor.txt @@ -4,7 +4,11 @@ profile omni-tools flags=(attach_disconnected,mediate_deleted) { #include # Capabilities - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal (send) set=(kill,term,int,hup,cont), diff --git a/openproject/apparmor.txt b/openproject/apparmor.txt index e4796de8f..2f510f2bc 100644 --- a/openproject/apparmor.txt +++ b/openproject/apparmor.txt @@ -3,7 +3,11 @@ profile openproject_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile openproject_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/organizr/apparmor.txt b/organizr/apparmor.txt index 19b59e65f..a3016461d 100644 --- a/organizr/apparmor.txt +++ b/organizr/apparmor.txt @@ -3,7 +3,11 @@ profile organizr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,8 +22,6 @@ profile organizr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/photoprism/apparmor.txt b/photoprism/apparmor.txt index d23dd8813..40bd2d287 100644 --- a/photoprism/apparmor.txt +++ b/photoprism/apparmor.txt @@ -3,7 +3,14 @@ profile photoprism flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, + capability sys_rawio, file, signal, mount, @@ -18,12 +25,6 @@ profile photoprism flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability dac_override, - capability sys_admin, - capability dac_read_search, - capability sys_rawio, # S6-Overlay /init ix, diff --git a/piwigo/apparmor.txt b/piwigo/apparmor.txt index c9e4dab8b..e980b8620 100644 --- a/piwigo/apparmor.txt +++ b/piwigo/apparmor.txt @@ -3,7 +3,13 @@ profile piwigo_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile piwigo_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/plex/apparmor.txt b/plex/apparmor.txt index 69170a941..ccd64d889 100644 --- a/plex/apparmor.txt +++ b/plex/apparmor.txt @@ -3,7 +3,13 @@ profile addon_db21ed7f_plex_nas flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile addon_db21ed7f_plex_nas flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/portainer/apparmor.txt b/portainer/apparmor.txt index ef354c8cc..41b6a2faa 100644 --- a/portainer/apparmor.txt +++ b/portainer/apparmor.txt @@ -3,7 +3,11 @@ profile portainer_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile portainer_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/postgres_15/apparmor.txt b/postgres_15/apparmor.txt index 70262be68..2e806546f 100644 --- a/postgres_15/apparmor.txt +++ b/postgres_15/apparmor.txt @@ -3,7 +3,11 @@ profile postgres_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile postgres_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/prowlarr/apparmor.txt b/prowlarr/apparmor.txt index 8e48cd94b..5bedb9bdc 100644 --- a/prowlarr/apparmor.txt +++ b/prowlarr/apparmor.txt @@ -3,7 +3,13 @@ profile prowlarr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile prowlarr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/qbittorrent/apparmor.txt b/qbittorrent/apparmor.txt index bf6a6b0e2..af4538926 100644 --- a/qbittorrent/apparmor.txt +++ b/qbittorrent/apparmor.txt @@ -3,7 +3,14 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,16 +25,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability chown, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability net_admin, - capability dac_override, - capability net_bind_service, - capability net_broadcast, - capability sys_rawio, # S6-Overlay /init ix, diff --git a/radarr/apparmor.txt b/radarr/apparmor.txt index b3c45a848..79884515a 100644 --- a/radarr/apparmor.txt +++ b/radarr/apparmor.txt @@ -3,7 +3,13 @@ profile radarr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile radarr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/readarr/apparmor.txt b/readarr/apparmor.txt index b7cc34eae..5dc39e473 100644 --- a/readarr/apparmor.txt +++ b/readarr/apparmor.txt @@ -3,7 +3,13 @@ profile readarr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile readarr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/requestrr/apparmor.txt b/requestrr/apparmor.txt index 478167cbb..bfac78dfa 100644 --- a/requestrr/apparmor.txt +++ b/requestrr/apparmor.txt @@ -3,7 +3,13 @@ profile requestrr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile requestrr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/resiliosync/apparmor.txt b/resiliosync/apparmor.txt index f9448c7bb..50aedd229 100644 --- a/resiliosync/apparmor.txt +++ b/resiliosync/apparmor.txt @@ -3,7 +3,14 @@ profile resiliosync_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +25,6 @@ profile resiliosync_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/sabnzbd/apparmor.txt b/sabnzbd/apparmor.txt index 45dda937d..34c6473b6 100644 --- a/sabnzbd/apparmor.txt +++ b/sabnzbd/apparmor.txt @@ -3,7 +3,13 @@ profile sabnzbd_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile sabnzbd_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/scrutiny/apparmor.txt b/scrutiny/apparmor.txt index 2cf1edb58..3129a1e10 100644 --- a/scrutiny/apparmor.txt +++ b/scrutiny/apparmor.txt @@ -3,7 +3,14 @@ profile db21ed7f_scrutiny flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, + capability sys_rawio, file, signal, mount, @@ -18,12 +25,6 @@ profile db21ed7f_scrutiny flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability dac_override, - capability sys_admin, - capability dac_read_search, - capability sys_rawio, # S6-Overlay /init ix, diff --git a/seafile/apparmor.txt b/seafile/apparmor.txt index 667900889..59ccd2f68 100644 --- a/seafile/apparmor.txt +++ b/seafile/apparmor.txt @@ -3,7 +3,14 @@ profile seafile_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +25,6 @@ profile seafile_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/seerr/apparmor.txt b/seerr/apparmor.txt index a6e2134ee..894a2dcab 100644 --- a/seerr/apparmor.txt +++ b/seerr/apparmor.txt @@ -3,7 +3,11 @@ profile seerr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile seerr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/social_to_mealie/apparmor.txt b/social_to_mealie/apparmor.txt index e5ac2e175..ec6b3bade 100644 --- a/social_to_mealie/apparmor.txt +++ b/social_to_mealie/apparmor.txt @@ -3,7 +3,11 @@ profile social_to_mealie_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile social_to_mealie_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/sonarr/apparmor.txt b/sonarr/apparmor.txt index 608bbb4ab..09a642fb5 100644 --- a/sonarr/apparmor.txt +++ b/sonarr/apparmor.txt @@ -3,7 +3,13 @@ profile sonarr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile sonarr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/spotweb/apparmor.txt b/spotweb/apparmor.txt index 7d4265c61..9c1e03409 100644 --- a/spotweb/apparmor.txt +++ b/spotweb/apparmor.txt @@ -3,7 +3,11 @@ profile spotweb_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile spotweb_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/tandoor_recipes/apparmor.txt b/tandoor_recipes/apparmor.txt index 1d0c543e5..830250be3 100644 --- a/tandoor_recipes/apparmor.txt +++ b/tandoor_recipes/apparmor.txt @@ -3,7 +3,11 @@ profile tandoor_recipes_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile tandoor_recipes_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/tdarr/apparmor.txt b/tdarr/apparmor.txt index 63b89643c..83af16408 100644 --- a/tdarr/apparmor.txt +++ b/tdarr/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_tdarr flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_tdarr flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/teamspeak/apparmor.txt b/teamspeak/apparmor.txt index 4e81f2903..481ae5d5b 100644 --- a/teamspeak/apparmor.txt +++ b/teamspeak/apparmor.txt @@ -3,7 +3,11 @@ profile teamspeak_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile teamspeak_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/transmission/apparmor.txt b/transmission/apparmor.txt index 93d572322..4c81f971d 100644 --- a/transmission/apparmor.txt +++ b/transmission/apparmor.txt @@ -3,7 +3,13 @@ profile db21ed7f_transmission flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile db21ed7f_transmission flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/transmission_openvpn/apparmor.txt b/transmission_openvpn/apparmor.txt index 0a596920a..64f9dc8a3 100644 --- a/transmission_openvpn/apparmor.txt +++ b/transmission_openvpn/apparmor.txt @@ -3,7 +3,14 @@ profile db21ed7f_transmission_openvpn flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability net_admin, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +25,6 @@ profile db21ed7f_transmission_openvpn flags=(attach_disconnected,mediate_deleted network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/ubooquity/apparmor.txt b/ubooquity/apparmor.txt index 65ae73ffb..822212b75 100644 --- a/ubooquity/apparmor.txt +++ b/ubooquity/apparmor.txt @@ -3,7 +3,13 @@ profile ubooquity_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile ubooquity_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/unpackerr/apparmor.txt b/unpackerr/apparmor.txt index 7e4c1ed66..941a191fd 100644 --- a/unpackerr/apparmor.txt +++ b/unpackerr/apparmor.txt @@ -3,7 +3,13 @@ profile unpackerr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile unpackerr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/webtop_kde/apparmor.txt b/webtop_kde/apparmor.txt index 9c2ab2eba..52c5f1f0c 100644 --- a/webtop_kde/apparmor.txt +++ b/webtop_kde/apparmor.txt @@ -3,7 +3,13 @@ profile webtop_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile webtop_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/webtrees/apparmor.txt b/webtrees/apparmor.txt index f6d52b4d0..0136730bc 100644 --- a/webtrees/apparmor.txt +++ b/webtrees/apparmor.txt @@ -3,7 +3,13 @@ profile webtrees_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -17,8 +23,6 @@ profile webtrees_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/wger/apparmor.txt b/wger/apparmor.txt index e94f74db7..924f07469 100644 --- a/wger/apparmor.txt +++ b/wger/apparmor.txt @@ -3,7 +3,11 @@ profile wger_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile wger_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/whatsapper/apparmor.txt b/whatsapper/apparmor.txt index c25695e95..a007b16bf 100644 --- a/whatsapper/apparmor.txt +++ b/whatsapper/apparmor.txt @@ -3,7 +3,11 @@ profile gitea_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile gitea_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/whoogle/apparmor.txt b/whoogle/apparmor.txt index 3d5cefeab..fba07a798 100644 --- a/whoogle/apparmor.txt +++ b/whoogle/apparmor.txt @@ -3,7 +3,11 @@ profile whoogle-search_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile whoogle-search_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/xteve/apparmor.txt b/xteve/apparmor.txt index ed7458191..1814a0b9b 100644 --- a/xteve/apparmor.txt +++ b/xteve/apparmor.txt @@ -3,7 +3,11 @@ profile xteve_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -17,8 +21,6 @@ profile xteve_addon flags=(attach_disconnected,mediate_deleted) { network inet6, network netlink raw, network unix dgram, - capability setgid, - capability setuid, # S6-Overlay diff --git a/zoneminder/apparmor.txt b/zoneminder/apparmor.txt index d1c9df0aa..25580d516 100644 --- a/zoneminder/apparmor.txt +++ b/zoneminder/apparmor.txt @@ -3,7 +3,11 @@ profile zoneminder_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile zoneminder_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_code-server/apparmor.txt b/zzz_archived_code-server/apparmor.txt index bc6a0ac75..10fbb32a9 100644 --- a/zzz_archived_code-server/apparmor.txt +++ b/zzz_archived_code-server/apparmor.txt @@ -3,7 +3,13 @@ profile code_server_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile code_server_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_jellyseerr/apparmor.txt b/zzz_archived_jellyseerr/apparmor.txt index 006a14b5f..885e0e88b 100644 --- a/zzz_archived_jellyseerr/apparmor.txt +++ b/zzz_archived_jellyseerr/apparmor.txt @@ -3,7 +3,11 @@ profile jellyseer_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile jellyseer_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_omada/apparmor.txt b/zzz_archived_omada/apparmor.txt index 36dd9a3d8..679948649 100644 --- a/zzz_archived_omada/apparmor.txt +++ b/zzz_archived_omada/apparmor.txt @@ -3,7 +3,11 @@ profile omada_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile omada_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_omada_v3/apparmor.txt b/zzz_archived_omada_v3/apparmor.txt index 36dd9a3d8..679948649 100644 --- a/zzz_archived_omada_v3/apparmor.txt +++ b/zzz_archived_omada_v3/apparmor.txt @@ -3,7 +3,11 @@ profile omada_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile omada_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_ombi/apparmor.txt b/zzz_archived_ombi/apparmor.txt index 6a073fe20..a4c2a2b67 100644 --- a/zzz_archived_ombi/apparmor.txt +++ b/zzz_archived_ombi/apparmor.txt @@ -3,7 +3,11 @@ profile ombi_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile ombi_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_overseerr/apparmor.txt b/zzz_archived_overseerr/apparmor.txt index 6d7b07528..74a9fabe3 100644 --- a/zzz_archived_overseerr/apparmor.txt +++ b/zzz_archived_overseerr/apparmor.txt @@ -3,7 +3,11 @@ profile overseerr_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile overseerr_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_paperless_ngx/apparmor.txt b/zzz_archived_paperless_ngx/apparmor.txt index 3e5e3da74..aa9b70174 100644 --- a/zzz_archived_paperless_ngx/apparmor.txt +++ b/zzz_archived_paperless_ngx/apparmor.txt @@ -3,7 +3,13 @@ profile addon_db21ed7f_paperless_ngx flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile addon_db21ed7f_paperless_ngx flags=(attach_disconnected,mediate_deleted) network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_papermerge/apparmor.txt b/zzz_archived_papermerge/apparmor.txt index 212046345..d4c6d24bb 100644 --- a/zzz_archived_papermerge/apparmor.txt +++ b/zzz_archived_papermerge/apparmor.txt @@ -3,7 +3,13 @@ profile papermerge_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile papermerge_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_plex_meta_manager/apparmor.txt b/zzz_archived_plex_meta_manager/apparmor.txt index 653d4a943..941aef171 100644 --- a/zzz_archived_plex_meta_manager/apparmor.txt +++ b/zzz_archived_plex_meta_manager/apparmor.txt @@ -3,7 +3,13 @@ profile plex-meta-manager_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability dac_read_search, + capability fowner, + capability setgid, + capability setuid, + capability sys_admin, file, signal, mount, @@ -18,12 +24,6 @@ profile plex-meta-manager_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, diff --git a/zzz_archived_tor/apparmor.txt b/zzz_archived_tor/apparmor.txt index 709ccf59a..008fc758e 100644 --- a/zzz_archived_tor/apparmor.txt +++ b/zzz_archived_tor/apparmor.txt @@ -3,7 +3,11 @@ profile tor_addon flags=(attach_disconnected,mediate_deleted) { #include - capability, + capability chown, + capability dac_override, + capability fowner, + capability setgid, + capability setuid, file, signal, mount, @@ -18,12 +22,6 @@ profile tor_addon flags=(attach_disconnected,mediate_deleted) { network netlink raw, network unix dgram, - capability setgid, - capability setuid, - capability sys_admin, - capability dac_read_search, - # capability dac_override, - # capability sys_rawio, # S6-Overlay /init ix, From 41fe7d3bb00e7daefddd1a3600df550c15674229 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Mar 2026 09:03:46 +0000 Subject: [PATCH 12/16] Fix ImmichFrame config: map env_vars and schema options to Settings.yaml - Add General display options (Interval, ShowClock, etc.) to addon config schema - Add per-Account filter options (Albums, People, ShowFavorites, etc.) to Accounts schema - Rewrite 99-run.sh to generate complete Settings.yaml with General and Accounts sections - env_vars are automatically classified as General or Account-level settings - Schema options take precedence over env_vars - Full backward compatibility: existing env_var configs continue to work - Update README with comprehensive options documentation - Bump version to 1.0.32.0-4 Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com> --- immich_frame/CHANGELOG.md | 7 + immich_frame/README.md | 86 +++++++- immich_frame/config.yaml | 45 +++- immich_frame/rootfs/etc/cont-init.d/99-run.sh | 207 +++++++++++++++--- 4 files changed, 306 insertions(+), 39 deletions(-) diff --git a/immich_frame/CHANGELOG.md b/immich_frame/CHANGELOG.md index 2d858c13b..90c1015e9 100644 --- a/immich_frame/CHANGELOG.md +++ b/immich_frame/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.0.32.0-4 (17-03-2026) +- Fix: env_vars now properly written to Settings.yaml instead of only environment variables +- Added General config options to addon UI (Interval, ShowClock, PhotoDateFormat, Style, Layout, etc.) +- Added per-Account config options to addon UI (Albums, People, ShowFavorites, ShowMemories, etc.) +- env_vars are automatically classified as General or Account settings in Settings.yaml +- Full backward compatibility: existing env_vars configurations continue to work + ## 1.0.32.0-3 (16-03-2026) - Minor bugs fixed diff --git a/immich_frame/README.md b/immich_frame/README.md index 7ef9ec464..184c49dce 100644 --- a/immich_frame/README.md +++ b/immich_frame/README.md @@ -39,12 +39,71 @@ Webui can be found at `:8171`. ### Options +#### Connection + +| Option | Type | Description | +|--------|------|-------------| +| `ImmichServerUrl` | str | URL of your Immich server (e.g., `http://homeassistant:3001`). Used for single-account setup. | +| `ApiKey` | str | Immich API key for authentication. Used for single-account setup. | +| `Accounts` | list | List of Immich accounts for multi-account support. Each entry requires `ImmichServerUrl` and `ApiKey`, plus optional per-account filters (see below). | +| `TZ` | str | Timezone (e.g., `Europe/London`) | + +#### General (Display) Options + +These top-level options map to ImmichFrame's `General` settings and control the display behavior: + | Option | Type | Default | Description | |--------|------|---------|-------------| -| `ImmichServerUrl` | str | | URL of your Immich server (e.g., `http://homeassistant:3001`). Used for single-account setup. | -| `ApiKey` | str | | Immich API key for authentication. Used for single-account setup. | -| `Accounts` | list | `[]` | List of Immich accounts for multi-account support. Each entry requires `ImmichServerUrl` and `ApiKey`. | -| `TZ` | str | | Timezone (e.g., `Europe/London`) | +| `Interval` | int | 45 | Image display interval in seconds | +| `TransitionDuration` | float | 2 | Transition duration in seconds | +| `ShowClock` | bool | true | Display the current time | +| `ClockFormat` | str | `hh:mm` | Time format for the clock | +| `ClockDateFormat` | str | `eee, MMM d` | Date format for the clock | +| `ShowProgressBar` | bool | true | Display the progress bar | +| `ShowPhotoDate` | bool | true | Display the date of the current image | +| `PhotoDateFormat` | str | `MM/dd/yyyy` | Date format for photo dates | +| `ShowImageDesc` | bool | true | Display image description | +| `ShowPeopleDesc` | bool | true | Display people names | +| `ShowTagsDesc` | bool | true | Display tag names | +| `ShowAlbumName` | bool | true | Display album names | +| `ShowImageLocation` | bool | true | Display image location | +| `ShowWeatherDescription` | bool | true | Display weather description | +| `ImageZoom` | bool | true | Zoom into images for a touch of life | +| `ImagePan` | bool | false | Pan images in a random direction | +| `ImageFill` | bool | false | Fill available space (may crop) | +| `PlayAudio` | bool | false | Play audio for videos with audio tracks | +| `PrimaryColor` | str | `#f5deb3` | Primary UI color (hex) | +| `SecondaryColor` | str | `#000000` | Secondary UI color (hex) | +| `Style` | str | `none` | Background style: `none`, `solid`, `transition`, `blur` | +| `Layout` | str | `splitview` | Layout: `single` or `splitview` | +| `BaseFontSize` | str | `17px` | Base font size (CSS format) | +| `Language` | str | `en` | 2-digit ISO language code | +| `WeatherApiKey` | str | | OpenWeatherMap API key | +| `UnitSystem` | str | `imperial` | `imperial` or `metric` | +| `WeatherLatLong` | str | | Weather location as `lat,lon` | +| `ImageLocationFormat` | str | `City,State,Country` | Location display format | +| `DownloadImages` | bool | false | Download images to server | +| `RenewImagesDuration` | int | 30 | Re-download images after this many days | +| `RefreshAlbumPeopleInterval` | int | 12 | Hours between album/people refresh | + +#### Per-Account Options + +These options can be set within each `Accounts` entry to control which images are shown: + +| Option | Type | Description | +|--------|------|-------------| +| `Albums` | str | Comma-separated album UUIDs | +| `ExcludedAlbums` | str | Comma-separated excluded album UUIDs | +| `People` | str | Comma-separated people UUIDs | +| `Tags` | str | Comma-separated tag paths (e.g., `Vacation,Travel/Europe`) | +| `ShowFavorites` | bool | Show favorite images | +| `ShowMemories` | bool | Show memory images | +| `ShowArchived` | bool | Show archived images | +| `ShowVideos` | bool | Include video assets | +| `ImagesFromDays` | int | Show images from the last X days | +| `ImagesFromDate` | str | Show images after this date | +| `ImagesUntilDate` | str | Show images before this date | +| `Rating` | int | Filter by star rating (-1 to 5) | ### Single Account Example @@ -52,6 +111,9 @@ Webui can be found at `:8171`. ImmichServerUrl: "http://homeassistant:3001" ApiKey: "your-immich-api-key-here" TZ: "Europe/London" +ShowClock: false +Interval: 30 +PhotoDateFormat: "dd/MM/yyyy" ``` ### Multi-Account Example @@ -62,8 +124,13 @@ To display photos from multiple Immich accounts (e.g., you and your partner), us Accounts: - ImmichServerUrl: "http://homeassistant:3001" ApiKey: "api-key-for-user-1" + Albums: "album-uuid-1,album-uuid-2" + ShowFavorites: true - ImmichServerUrl: "http://homeassistant:3001" ApiKey: "api-key-for-user-2" + People: "person-uuid-1,person-uuid-2" +ShowClock: false +Interval: 40 TZ: "Europe/London" ``` @@ -84,7 +151,16 @@ For more configuration options, see the [ImmichFrame documentation](https://immi This addon supports custom scripts and environment variables through the `addon_config` mapping: - **Custom scripts**: See [Running Custom Scripts in Addons](https://github.com/alexbelgium/hassio-addons/wiki/Running-custom-scripts-in-Addons) -- **env_vars option**: Use the add-on `env_vars` option to pass extra environment variables (uppercase or lowercase names). See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details. +- **env_vars option**: Use the add-on `env_vars` option to pass extra ImmichFrame settings not available in the addon UI. Environment variables are automatically classified as General or Account-level settings and written to `Settings.yaml`. See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details. + +**env_vars example** (for settings not in the UI): +```yaml +env_vars: + - name: AuthenticationSecret + value: "my-secret" + - name: Webhook + value: "http://example.com/notify" +``` ## Installation diff --git a/immich_frame/config.yaml b/immich_frame/config.yaml index 21ad5d1c3..59a60c113 100644 --- a/immich_frame/config.yaml +++ b/immich_frame/config.yaml @@ -19,13 +19,56 @@ schema: Accounts: - ImmichServerUrl: str ApiKey: str + Albums: str? + ExcludedAlbums: str? + People: str? + Tags: str? + ShowFavorites: bool? + ShowMemories: bool? + ShowArchived: bool? + ShowVideos: bool? + ImagesFromDays: int? + ImagesFromDate: str? + ImagesUntilDate: str? + Rating: int? env_vars: - name: match(^[A-Za-z0-9_]+$) value: str? ApiKey: str? ImmichServerUrl: str? TZ: str? + Interval: int? + TransitionDuration: float? + ShowClock: bool? + ClockFormat: str? + ClockDateFormat: str? + ShowProgressBar: bool? + ShowPhotoDate: bool? + PhotoDateFormat: str? + ShowImageDesc: bool? + ShowPeopleDesc: bool? + ShowTagsDesc: bool? + ShowAlbumName: bool? + ShowImageLocation: bool? + ShowWeatherDescription: bool? + ImageZoom: bool? + ImagePan: bool? + ImageFill: bool? + PlayAudio: bool? + PrimaryColor: str? + SecondaryColor: str? + Style: str? + Layout: str? + BaseFontSize: str? + Language: str? + WeatherApiKey: str? + UnitSystem: str? + WeatherLatLong: str? + ImageLocationFormat: str? + DownloadImages: bool? + RenewImagesDuration: int? + RefreshAlbumPeopleInterval: int? slug: immich_frame url: https://github.com/alexbelgium/hassio-addons -version: "1.0.32.0-3" +version: "1.0.32.0-4" webui: http://[HOST]:[PORT:8080] diff --git a/immich_frame/rootfs/etc/cont-init.d/99-run.sh b/immich_frame/rootfs/etc/cont-init.d/99-run.sh index 6141be3d2..6abd7bae2 100755 --- a/immich_frame/rootfs/etc/cont-init.d/99-run.sh +++ b/immich_frame/rootfs/etc/cont-init.d/99-run.sh @@ -22,45 +22,186 @@ if [ ! -e /app/Config ]; then ln -sf /config/Config /app/Config fi -# Generate Settings.yaml from addon options for multi-account support +# ---- Settings.yaml generation ---- SETTINGS_FILE="/config/Config/Settings.yaml" -ACCOUNT_COUNT=$(jq '.Accounts // [] | length' /data/options.json 2>/dev/null || echo 0) -if [ "$ACCOUNT_COUNT" -gt 0 ]; then - bashio::log.info "Configuring ${ACCOUNT_COUNT} account(s) from Accounts list" - { +# Known account-level setting names (ImmichFrame v2 config) +ACCOUNT_KEYS=" ImmichServerUrl ApiKey ApiKeyFile Albums ExcludedAlbums People Tags ShowFavorites ShowMemories ShowArchived ShowVideos ImagesFromDays ImagesFromDate ImagesUntilDate Rating " +# Settings that accept comma-separated values and should become YAML lists +LIST_KEYS=" Albums ExcludedAlbums People Tags Webcalendars " + +# Helper: check if word is in a space-padded list +in_list() { [[ "$2" == *" $1 "* ]]; } + +# Helper: read a value from options.json handling booleans and nulls correctly +config_val() { + jq -r "($1) as \$v | if \$v == null then \"\" else (\$v | tostring) end" /data/options.json 2>/dev/null +} +config_has() { + jq -e "($1) != null" /data/options.json >/dev/null 2>&1 +} + +# Helper: write a YAML key-value pair with proper formatting +yaml_kv() { + local indent="$1" key="$2" value="$3" + + # List-type settings -> YAML array + if in_list "$key" "$LIST_KEYS"; then + echo "${indent}${key}:" + IFS=',' read -ra ITEMS <<< "$value" + for item in "${ITEMS[@]}"; do + item="$(echo "$item" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')" + [ -n "$item" ] && echo "${indent} - '${item//\'/\'\'}'" + done + return + fi + + # Boolean + if [ "$value" = "true" ] || [ "$value" = "false" ]; then + echo "${indent}${key}: ${value}" + return + fi + + # Integer + if [[ "$value" =~ ^-?[0-9]+$ ]]; then + echo "${indent}${key}: ${value}" + return + fi + + # Float + if [[ "$value" =~ ^-?[0-9]+\.[0-9]+$ ]]; then + echo "${indent}${key}: ${value}" + return + fi + + # String (single-quoted with escaping) + echo "${indent}${key}: '${value//\'/\'\'}'" +} + +# ---- Classify env_vars into general vs account settings ---- +declare -A GENERAL_ENVS +declare -A ACCOUNT_ENVS + +ENV_COUNT=$(jq '.env_vars // [] | length' /data/options.json 2>/dev/null || echo 0) +if [ "$ENV_COUNT" -gt 0 ]; then + bashio::log.info "Processing ${ENV_COUNT} env_var(s) for Settings.yaml" +fi +for idx in $(seq 0 $((ENV_COUNT - 1))); do + ENAME=$(jq -r ".env_vars[${idx}].name" /data/options.json) + EVALUE=$(jq -r ".env_vars[${idx}].value // \"\"" /data/options.json) + [ -z "$ENAME" ] && continue + [ -z "$EVALUE" ] && continue + [ "$ENAME" = "TZ" ] && continue # TZ is a system env var, not an ImmichFrame setting + + if in_list "$ENAME" "$ACCOUNT_KEYS"; then + ACCOUNT_ENVS["$ENAME"]="$EVALUE" + bashio::log.info " env_var ${ENAME} -> Account setting" + else + GENERAL_ENVS["$ENAME"]="$EVALUE" + bashio::log.info " env_var ${ENAME} -> General setting" + fi +done + +# General options from the addon schema +GENERAL_SCHEMA_OPTS="Interval TransitionDuration ShowClock ClockFormat ClockDateFormat + ShowProgressBar ShowPhotoDate PhotoDateFormat ShowImageDesc ShowPeopleDesc + ShowTagsDesc ShowAlbumName ShowImageLocation ShowWeatherDescription + ImageZoom ImagePan ImageFill PlayAudio PrimaryColor SecondaryColor Style + Layout BaseFontSize Language WeatherApiKey UnitSystem WeatherLatLong + ImageLocationFormat DownloadImages RenewImagesDuration RefreshAlbumPeopleInterval" + +# Per-account options from the addon schema (besides ImmichServerUrl/ApiKey) +ACCOUNT_SCHEMA_OPTS="Albums ExcludedAlbums People Tags ShowFavorites ShowMemories + ShowArchived ShowVideos ImagesFromDays ImagesFromDate ImagesUntilDate Rating" + +# ---- Build Settings.yaml ---- +{ + # -- General section -- + GENERAL_STARTED=false + + for opt in $GENERAL_SCHEMA_OPTS; do + if config_has ".$opt"; then + $GENERAL_STARTED || { echo "General:"; GENERAL_STARTED=true; } + yaml_kv " " "$opt" "$(config_val ".$opt")" + fi + done + + # Add general env_vars (skip if already set via schema option) + for key in "${!GENERAL_ENVS[@]}"; do + if ! config_has ".$key"; then + $GENERAL_STARTED || { echo "General:"; GENERAL_STARTED=true; } + yaml_kv " " "$key" "${GENERAL_ENVS[$key]}" + fi + done + + # -- Accounts section -- + ACCOUNT_COUNT=$(jq '.Accounts // [] | length' /data/options.json 2>/dev/null || echo 0) + + if [ "$ACCOUNT_COUNT" -gt 0 ]; then + bashio::log.info "Configuring ${ACCOUNT_COUNT} account(s) from Accounts list" echo "Accounts:" for i in $(seq 0 $((ACCOUNT_COUNT - 1))); do - SERVER_URL=$(jq -r ".Accounts[${i}].ImmichServerUrl" /data/options.json) - API_KEY=$(jq -r ".Accounts[${i}].ApiKey" /data/options.json) - # Escape single quotes for YAML single-quoted strings - SERVER_URL="${SERVER_URL//\'/\'\'}" - API_KEY="${API_KEY//\'/\'\'}" - echo " - ImmichServerUrl: '${SERVER_URL}'" - echo " ApiKey: '${API_KEY}'" - bashio::log.info " Account $((i + 1)): ${SERVER_URL}" + SRV="$(config_val ".Accounts[${i}].ImmichServerUrl")" + KEY="$(config_val ".Accounts[${i}].ApiKey")" + echo " - ImmichServerUrl: '${SRV//\'/\'\'}'" + echo " ApiKey: '${KEY//\'/\'\'}'" + + for opt in $ACCOUNT_SCHEMA_OPTS; do + if config_has ".Accounts[${i}].${opt}"; then + yaml_kv " " "$opt" "$(config_val ".Accounts[${i}].${opt}")" + fi + done + + # Apply account-level env_vars (only if not already set in this account's schema) + for key in "${!ACCOUNT_ENVS[@]}"; do + in_list "$key" " ImmichServerUrl ApiKey " && continue + if ! config_has ".Accounts[${i}].${key}"; then + yaml_kv " " "$key" "${ACCOUNT_ENVS[$key]}" + fi + done + + bashio::log.info " Account $((i + 1)): ${SRV}" done - } > "${SETTINGS_FILE}" - chmod 600 "${SETTINGS_FILE}" - bashio::log.info "Settings.yaml generated at ${SETTINGS_FILE}" -elif bashio::config.has_value 'ApiKey' && bashio::config.has_value 'ImmichServerUrl'; then - bashio::log.info "Using single account configuration" - SERVER_URL=$(bashio::config 'ImmichServerUrl') - API_KEY=$(bashio::config 'ApiKey') - # Escape single quotes for YAML single-quoted strings - SERVER_URL="${SERVER_URL//\'/\'\'}" - API_KEY="${API_KEY//\'/\'\'}" - { + + elif config_has '.ApiKey' && config_has '.ImmichServerUrl'; then + bashio::log.info "Using single account configuration" + SRV="$(config_val '.ImmichServerUrl')" + KEY="$(config_val '.ApiKey')" echo "Accounts:" - echo " - ImmichServerUrl: '${SERVER_URL}'" - echo " ApiKey: '${API_KEY}'" - } > "${SETTINGS_FILE}" - chmod 600 "${SETTINGS_FILE}" - bashio::log.info "Settings.yaml generated at ${SETTINGS_FILE}" -else - bashio::log.fatal "No accounts configured! Set either 'Accounts' list or both 'ApiKey' and 'ImmichServerUrl'" - exit 1 -fi + echo " - ImmichServerUrl: '${SRV//\'/\'\'}'" + echo " ApiKey: '${KEY//\'/\'\'}'" + + # Apply account-level env_vars to the single account + for key in "${!ACCOUNT_ENVS[@]}"; do + in_list "$key" " ImmichServerUrl ApiKey " && continue + yaml_kv " " "$key" "${ACCOUNT_ENVS[$key]}" + done + + elif [ -n "${ACCOUNT_ENVS[ImmichServerUrl]:-}" ] && [ -n "${ACCOUNT_ENVS[ApiKey]:-}" ]; then + bashio::log.info "Using account configuration from env_vars" + echo "Accounts:" + echo " - ImmichServerUrl: '${ACCOUNT_ENVS[ImmichServerUrl]//\'/\'\'}'" + echo " ApiKey: '${ACCOUNT_ENVS[ApiKey]//\'/\'\'}'" + + for key in "${!ACCOUNT_ENVS[@]}"; do + in_list "$key" " ImmichServerUrl ApiKey " && continue + yaml_kv " " "$key" "${ACCOUNT_ENVS[$key]}" + done + else + bashio::log.fatal "No accounts configured! Set either 'Accounts' list or both 'ApiKey' and 'ImmichServerUrl'" + exit 1 + fi + +} > "${SETTINGS_FILE}" +chmod 600 "${SETTINGS_FILE}" +bashio::log.info "Settings.yaml generated at ${SETTINGS_FILE}" + +# Log contents (mask sensitive values) +bashio::log.info "--- Generated Settings.yaml ---" +sed -E 's/(ApiKey:).*/\1 *****/;s/(AuthenticationSecret:).*/\1 *****/' "${SETTINGS_FILE}" | while IFS= read -r line; do + bashio::log.info "$line" +done +bashio::log.info "-------------------------------" export IMMICHFRAME_CONFIG_PATH=/config/Config exec dotnet ImmichFrame.WebApi.dll From 75750d46580066fe9faa9d6ca9a1672276037ac5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Mar 2026 09:04:46 +0000 Subject: [PATCH 13/16] Mask WeatherApiKey in log output Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com> --- immich_frame/rootfs/etc/cont-init.d/99-run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/immich_frame/rootfs/etc/cont-init.d/99-run.sh b/immich_frame/rootfs/etc/cont-init.d/99-run.sh index 6abd7bae2..f1583ef9e 100755 --- a/immich_frame/rootfs/etc/cont-init.d/99-run.sh +++ b/immich_frame/rootfs/etc/cont-init.d/99-run.sh @@ -198,7 +198,7 @@ bashio::log.info "Settings.yaml generated at ${SETTINGS_FILE}" # Log contents (mask sensitive values) bashio::log.info "--- Generated Settings.yaml ---" -sed -E 's/(ApiKey:).*/\1 *****/;s/(AuthenticationSecret:).*/\1 *****/' "${SETTINGS_FILE}" | while IFS= read -r line; do +sed -E 's/(ApiKey:).*/\1 *****/;s/(AuthenticationSecret:).*/\1 *****/;s/(WeatherApiKey:).*/\1 *****/' "${SETTINGS_FILE}" | while IFS= read -r line; do bashio::log.info "$line" done bashio::log.info "-------------------------------" From d19357c060f081889f02e93fdb5525908d0cefd6 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 17 Mar 2026 17:22:57 +0000 Subject: [PATCH 14/16] GitHub bot : README updated --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b956787ba..3f34016f0 100644 --- a/README.md +++ b/README.md @@ -608,7 +608,7 @@ If you want to do add the repository manually, please follow the procedure highl ![smb][smb-badge] ![localdisks][localdisks-badge] -✓ ![image](https://api.iconify.design/mdi/wifi-check.svg) [NetAlertX](netalertx/) : 🖧🔍 WIFI / LAN scanner, intruder, and presence detector +✓ ![image](https://api.iconify.design/mdi/wifi-check.svg) [NetAlertX](netalertx/) : 🖧🔍 Centralized network visibility and continuous asset discovery.   ![Version](https://img.shields.io/badge/dynamic/yaml?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fnetalertx%2Fconfig.yaml) ![Update](https://img.shields.io/badge/dynamic/json?label=Updated&query=%24.last_update&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fnetalertx%2Fupdater.json) From e49cf12d1971ea7e48f3d7d39cd135e11355ab0e Mon Sep 17 00:00:00 2001 From: Alexandre <44178713+alexbelgium@users.noreply.github.com> Date: Wed, 18 Mar 2026 09:54:06 +0100 Subject: [PATCH 15/16] Update NETALERTX_DB and version in config.yaml --- netalertx/config.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/netalertx/config.yaml b/netalertx/config.yaml index a096163ef..eff4afb7e 100644 --- a/netalertx/config.yaml +++ b/netalertx/config.yaml @@ -26,11 +26,12 @@ environment: PUID: "20211" PGID: "20211" TZ: Europe/Berlin + NETALERTX_DATA: /config NETALERTX_CONFIG: /config/config - NETALERTX_DB: /config/db - TMP_DIR: /tmp/tmp NETALERTX_CONFIG_FILE: /config/config/app.conf + NETALERTX_DB: /config/db NETALERTX_DB_FILE: /config/db/app.db + TMP_DIR: /tmp/tmp SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh schema: TZ: str? @@ -40,4 +41,4 @@ slug: netalertx tmpfs: true udev: true url: https://github.com/alexbelgium/hassio-addons -version: "26.3.16-2" +version: "26.3.16-3" From 8b6a0462910609294fc76deebfc27d7b91438ec2 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 18 Mar 2026 08:56:10 +0000 Subject: [PATCH 16/16] GitHub bot: changelog --- netalertx/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netalertx/CHANGELOG.md b/netalertx/CHANGELOG.md index 521081dcc..34a2df330 100644 --- a/netalertx/CHANGELOG.md +++ b/netalertx/CHANGELOG.md @@ -1,3 +1,5 @@ +## 26.3.16-3 (18-03-2026) +- Minor bugs fixed ## 26.3.16-2 (17-03-2026) - Minor bugs fixed ## 26.3.16-1 (17-03-2026)