avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-05-21 00:01:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: avm:71b96dcb8eb9bb5ac79844414735dec054bf840a
Branches Tags
avm:master avm:claude/review-env-vars-injection-TyPAx avm:copilot/fix-vpn-endpoint-route-recursion avm:copilot/update-vpn-helper-script avm:copilot/fix-recursive-routing-issue avm:copilot/fix-vpn-endpoint-route avm:claude/fix-recursive-routing-drops-lPto4 avm:copilot/fix-qbittorrent-nox-error avm:copilot/update-seafile-configuration avm:copilot/fix-access-denied-mariadb-issue avm:copilot/fix-ui-show-birdnet-pipy avm:copilot/fix-claude-md-documentation avm:copilot/fix-immich-frame-config-problems avm:copilot/fix-nginx-space-search-issue avm:copilot/fix-ingress-404-error avm:copilot/fix-immich-startup-issue avm:copilot/fix-openvpn-connection-issue avm:copilot/fix-browserless-token-issue avm:codex/fix-issue-2534-in-hassio-addons avm:copilot/fix-sonarr-runtime-error avm:copilot/update-nginx-rewrite-api-url avm:create-pull-request/patch-1763858143 avm:copilot/harden-bootstrap-script
...
compare: avm:965a26e306e650e7e3d5ccabda49d2e65a5d3346
Branches Tags
avm:master avm:claude/review-env-vars-injection-TyPAx avm:copilot/fix-vpn-endpoint-route-recursion avm:copilot/update-vpn-helper-script avm:copilot/fix-recursive-routing-issue avm:copilot/fix-vpn-endpoint-route avm:claude/fix-recursive-routing-drops-lPto4 avm:copilot/fix-qbittorrent-nox-error avm:copilot/update-seafile-configuration avm:copilot/fix-access-denied-mariadb-issue avm:copilot/fix-ui-show-birdnet-pipy avm:copilot/fix-claude-md-documentation avm:copilot/fix-immich-frame-config-problems avm:copilot/fix-nginx-space-search-issue avm:copilot/fix-ingress-404-error avm:copilot/fix-immich-startup-issue avm:copilot/fix-openvpn-connection-issue avm:copilot/fix-browserless-token-issue avm:codex/fix-issue-2534-in-hassio-addons avm:copilot/fix-sonarr-runtime-error avm:copilot/update-nginx-rewrite-api-url avm:create-pull-request/patch-1763858143 avm:copilot/harden-bootstrap-script

12 Commits
71b96dcb8e ... 965a26e306

Author SHA1 Message Date
Alexandre
965a26e306 Merge pull request #2587 from alexbelgium/copilot/review-apparmor-permissions-addons 
Replace blanket AppArmor `capability,` with specific per-addon capabilities
 2026-03-17 09:09:09 +01:00
copilot-swe-agent[bot]
3c53e69161 Replace blanket capability, with specific capabilities in all AppArmor profiles 
Remove overly permissive blanket `capability,` rule (grants ALL Linux
capabilities) from 107 addon AppArmor profiles. Replace with only the
specific capabilities each addon needs based on its config.yaml
`privileged` field.

Base capabilities for all addons: setuid, setgid, chown, fowner, dac_override
Additional capabilities mapped from config.yaml privileged list:
- SYS_ADMIN -> sys_admin
- DAC_READ_SEARCH -> dac_read_search
- NET_ADMIN -> net_admin
- NET_RAW -> net_raw
- SYS_RAWIO -> sys_rawio
- SYS_TIME -> sys_time
- SYS_RESOURCE -> sys_resource

Addons with full_access: true (portainer_agent) retain blanket capability.

Co-authored-by: alexbelgium <44178713+alexbelgium@users.noreply.github.com>
 2026-03-17 07:42:05 +00:00
Alexandre
3ae0bbb9ba nobuild corrext 2026-03-17 08:33:19 +01:00
copilot-swe-agent[bot]
8156916179 Initial plan 2026-03-17 07:33:06 +00:00
Alexandre
92369f4607 nobuild 2026-03-17 08:31:13 +01:00
github-actions
8870083a45 GitHub bot: changelog 2026-03-17 07:29:21 +00:00
Alexandre
317d13c294 nobuild 
Added TMP_DIR and updated NETALERTX_CONFIG_FILE and NETALERTX_DB_FILE paths.
 2026-03-17 08:29:13 +01:00
Alexandre
34ea41913e Use /config for location to allow access 2026-03-17 08:27:07 +01:00
github-actions
0ed5974d1a GitHub bot: changelog 2026-03-17 06:06:28 +00:00
Alexandre
66be252470 Merge pull request #2585 from adamoutler/master 
Fix: correct multiple configuration issues in NetAlertX
 2026-03-17 07:03:54 +01:00
root
382988a9e7 lint issues 2026-03-16 16:15:40 -04:00
root
1ebaf6e011 Update with proper configuration 2026-03-16 15:04:32 -04:00
111 changed files with 684 additions and 742 deletions
Expand all files Collapse all files

14
arpspoof/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile arpspoof_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
autobrr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile autobrr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile autobrr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
baikal/apparmor.txt
View File

@@ -4,7 +4,11 @@
profile baikal_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -19,12 +23,6 @@ profile baikal_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
battybirdnet-pi/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile battybirdnet-pi_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile battybirdnet-pi_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
bazarr/apparmor.txt
View File

@@ -4,7 +4,13 @@
profile bazarr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -19,12 +25,6 @@ profile bazarr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
binance-trading-bot/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_binance-trading-bot flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_binance-trading-bot flags=(attach_disconnected,mediate_deleted)
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
birdnet-go/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile db21ed7f_birdnet-go flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
capability sys_resource,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile db21ed7f_birdnet-go flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
birdnet-pi/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile birdnet-pi_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile birdnet-pi_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

10
birdnet-pipy/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile birdnet-pipy_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,10 +22,6 @@ profile birdnet-pipy_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# S6-Overlay
/init ix,

12
bitwarden/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile bitwarden_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile bitwarden_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
booksonic_air/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile booksonic-air_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile booksonic-air_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
browser_chromium/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile chromium_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile chromium_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
browserless_chrome/apparmor.txt
View File

@@ -4,7 +4,11 @@
profile browserlesschrome_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -19,12 +23,6 @@ profile browserlesschrome_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
calibre/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile calibre_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile calibre_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
calibre_web/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile calibre-web_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile calibre-web_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
changedetection.io/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile addon_db21ed7f_changedetection.io_nas flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile addon_db21ed7f_changedetection.io_nas flags=(attach_disconnected,mediate
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
cleanuparr/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile cleanuparr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile cleanuparr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
cloudcommander/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile cloudcommander_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile cloudcommander_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
codex/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_codex flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_codex flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
collabora/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile collabora_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile collabora_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
comixed/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
elasticsearch/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

14
emby/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
emby_beta/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile addon_db21ed7f_emby_nas flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
enedisgateway2mqtt/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

8
enedisgateway2mqtt_dev/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

14
ente/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
epicgamesfree/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile epicgamesfree_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile epicgamesfree_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
filebrowser/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
filebrowser_quantum/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
fireflyiii/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
fireflyiii_data_importer/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile fireflyiii_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
fireflyiii_fints_importer/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile fireflyiii_fints_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile fireflyiii_fints_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
flaresolverr/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile joplin flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile joplin flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
capability sys_rawio,
# S6-Overlay
/init ix,

8
flexget/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile flexget_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile flexget_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

12
free_games_claimer/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile free_games_claimer_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile free_games_claimer_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
gazpar2mqtt/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

12
gitea/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile gitea_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile gitea_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
grampsweb/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile grampsweb_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile grampsweb_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
grav/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile grav_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile grav_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
guacamole/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile guacamole_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile guacamole_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
immich/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
immich_frame/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile db21ed7f_immich_frame flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile db21ed7f_immich_frame flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
immich_power_tools/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile db21ed7f_immich_power_tools flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile db21ed7f_immich_power_tools flags=(attach_disconnected,mediate_deleted)
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
inadyn/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile inadyn_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

14
jackett/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile jackett_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile jackett_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
jellyfin/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile addon_db21ed7f_jellyfin_nas flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile addon_db21ed7f_jellyfin_nas flags=(attach_disconnected,mediate_deleted)
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability sys_rawio,
capability dac_read_search,
# capability dac_override,
# S6-Overlay
/init ix,

8
joal/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile joal_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile joal_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

13
joplin/apparmor.txt
View File

@@ -3,7 +3,12 @@
profile joplin flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
capability sys_time,
file,
signal,
mount,
@@ -18,12 +23,6 @@ profile joplin flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
capability sys_rawio,
# S6-Overlay
/init ix,

14
kometa/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile kometa_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile kometa_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
librespeed/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile librespeed_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile librespeed_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
lidarr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile radarr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile radarr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
linkwarden/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile linkwarden_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile linkwarden_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
maintainerr/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile maintainerr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile maintainerr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

6
manyfold/apparmor.txt
View File

@@ -10,7 +10,11 @@ profile hassio-addons/manyfold flags=(attach_disconnected,mediate_deleted) {
# denying known high-risk kernel interfaces.
file,
network,
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
deny /proc/kcore rwklx,
deny /proc/sysrq-trigger rwklx,

8
mealie/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile mealie_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile mealie_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

12
monica/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile monica_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile monica_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
mylar3/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile mylar3_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile mylar3_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
navidrome/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile navidrome_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile navidrome_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

4
netalertx/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 26.3.16-2 (17-03-2026)
- Minor bugs fixed
## 26.3.16-1 (17-03-2026)
- Minor bugs fixed
## 26.3.7-3 (07-03-2026)
- Minor bugs fixed
## 26.3.7-2 (07-03-2026)

54
netalertx/apparmor.txt
View File

@@ -3,35 +3,25 @@
profile netalertx_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability net_admin,
capability net_raw,
capability setgid,
capability setuid,
file,
signal,
mount,
umount,
remount,
network udp,
network tcp,
network dgram,
network stream,
network inet,
network inet6,
network netlink raw,
network unix dgram,
umount,
network,
ptrace,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,
/run/{s6,s6-rc*,service}/** ix,
/package/** ix,
/command/** ix,
/run/{,**} rwk,
/dev/tty rw,
/bin/** ix,
/usr/bin/** ix,
/usr/lib/bashio/** ix,
@@ -40,27 +30,5 @@ profile netalertx_addon flags=(attach_disconnected,mediate_deleted) {
/etc/services.d/** rwix,
/etc/cont-init.d/** rwix,
/etc/cont-finish.d/** rwix,
/init rix,
/var/run/** mrwkl,
/var/run/ mrwkl,
/dev/i2c-1 mrwkl,
# Files required
/dev/fuse mrwkl,
/dev/sda1 mrwkl,
/dev/sdb1 mrwkl,
/dev/nvme0 mrwkl,
/dev/nvme1 mrwkl,
/dev/mmcblk0p1 mrwkl,
/dev/* mrwkl,
/tmp/** mrkwl,
# Data access
/data/** rw,
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
ptrace (trace,read) peer=docker-default,
# docker daemon confinement requires explict allow rule for signal
signal (receive) set=(kill,term) peer=/usr/bin/docker,
}

40
netalertx/config.yaml
View File

@@ -1,48 +1,38 @@
arch:
- aarch64
- amd64
description: "\U0001F5A7\U0001F50D WIFI / LAN scanner, intruder, and presence detector"
environment:
PGID: "20211"
PORT: "20211"
PUID: "20211"
TZ: Europe/Berlin
NETALERTX_DATA: /config
NETALERTX_CONFIG: /config/config
NETALERTX_DB: /config/db
TMP_DIR: /tmp/tmp
NETALERTX_CONFIG_FILE: /config/config/app.conf
NETALERTX_DB_FILE: /config/db/app.db
description: "\U0001F5A7\U0001F50D Centralized network visibility and continuous asset discovery."
hassio_api: true
host_network: true
image: ghcr.io/alexbelgium/netalertx-{arch}
ingress: true
ingress_port: 0
ingress_port: 20211
ingress_stream: true
init: false
map:
- addon_config:rw
- media:rw
- share:rw
- ssl
name: NetAlertX
options:
env_vars: []
panel_icon: mdi:wifi-check
ports:
20211/tcp: 20211
20212/tcp: 20212
ports_description:
20211/tcp: WebUI port
20212/tcp: GraphQL port
20211/tcp: NetAlertX WebUI port
20212/tcp: GraphQL & MCP port
privileged:
- NET_ADMIN
- NET_RAW
environment:
PUID: "20211"
PGID: "20211"
TZ: Europe/Berlin
NETALERTX_CONFIG: /config/config
NETALERTX_DB: /config/db
TMP_DIR: /tmp/tmp
NETALERTX_CONFIG_FILE: /config/config/app.conf
NETALERTX_DB_FILE: /config/db/app.db
SKIP_STARTUP_CHECKS: excessive capabilities.sh,appliance integrity.sh
schema:
env_vars:
- name: match(^[A-Za-z0-9_]+$)
value: str?
APP_CONF_OVERRIDE: str?
TZ: str?
services:
- mqtt:want
@@ -50,4 +40,4 @@ slug: netalertx
tmpfs: true
udev: true
url: https://github.com/alexbelgium/hassio-addons
version: "26.2.6-4"
version: "26.3.16-2"

13
netalertx/rootfs/etc/cont-init.d/91-configure.sh
View File

@@ -6,12 +6,11 @@ set -e
# Update structure #
####################
APP_UID=20211
# 1. Fix the directories
for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "$TMP_DIR" "$NETALERTX_DATA" "$NETALERTX_DB" "$NETALERTX_CONFIG"; do
for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "${TMP_DIR:-/tmp}" "${NETALERTX_DATA:-/data}" "${NETALERTX_DB:-/data/db}" "${NETALERTX_CONFIG:-/data/config}"; do
mkdir -p "$folder"
chown -R $APP_UID:$APP_UID "$folder"
chown -R "${PUID}":"${PGID}" "$folder"
chmod -R 755 "$folder"
done
@@ -22,13 +21,17 @@ chmod 666 /dev/stdout /dev/stderr
# 3. Pre-create and chown log files
touch /tmp/log/app.php_errors.log /tmp/log/cron.log /tmp/log/stdout.log /tmp/log/stderr.log
chown $APP_UID:$APP_UID /tmp/log/*.log
chown "${PUID}":"${PGID}" /tmp/log/*.log
# 4. Create Symlinks
for item in db config; do
# ADD THESE TWO LINES: Ensure the target exists and is owned by 20211
mkdir -p "/config/$item"
chown -R "${PUID}":"${PGID}" "/config/$item"
rm -rf "/data/$item"
ln -sf "/config/$item" "/data/$item"
chown -R $APP_UID:$APP_UID "/data/$item"
chown -R "${PUID}":"${PGID}" "/data/$item"
chmod -R 755 "/data/$item"
done

2
netalertx/rootfs/etc/cont-init.d/99-run.sh
View File

@@ -3,4 +3,4 @@
set -e
bashio::log.info "Starting upstream app"
gosu netalertx /entrypoint.sh
/root-entrypoint.sh

14
nextcloud/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile nextcloud_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile nextcloud_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
nzbget/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile nzbget_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile nzbget_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

6
omni-tools/apparmor.txt
View File

@@ -4,7 +4,11 @@ profile omni-tools flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
# Capabilities
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal (send) set=(kill,term,int,hup,cont),

12
openproject/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile openproject_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile openproject_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
organizr/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile organizr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,8 +22,6 @@ profile organizr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

15
photoprism/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile photoprism flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
capability sys_rawio,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile photoprism flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability dac_override,
capability sys_admin,
capability dac_read_search,
capability sys_rawio,
# S6-Overlay
/init ix,

14
piwigo/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile piwigo_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile piwigo_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
plex/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile addon_db21ed7f_plex_nas flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile addon_db21ed7f_plex_nas flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
portainer/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile portainer_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile portainer_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

12
postgres_15/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile postgres_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile postgres_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
prowlarr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile prowlarr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile prowlarr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

19
qbittorrent/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,16 +25,6 @@ profile db21ed7f_qbittorrent flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability chown,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability net_admin,
capability dac_override,
capability net_bind_service,
capability net_broadcast,
capability sys_rawio,
# S6-Overlay
/init ix,

14
radarr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile radarr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile radarr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
readarr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile readarr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile readarr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
requestrr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile requestrr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile requestrr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
resiliosync/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile resiliosync_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile resiliosync_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
sabnzbd/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile sabnzbd_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile sabnzbd_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
scrutiny/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile db21ed7f_scrutiny flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
capability sys_rawio,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile db21ed7f_scrutiny flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability dac_override,
capability sys_admin,
capability dac_read_search,
capability sys_rawio,
# S6-Overlay
/init ix,

15
seafile/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile seafile_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile seafile_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
seerr/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile seerr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile seerr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
social_to_mealie/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile social_to_mealie_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile social_to_mealie_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
sonarr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile sonarr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile sonarr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
spotweb/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile spotweb_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile spotweb_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

8
tandoor_recipes/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile tandoor_recipes_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile tandoor_recipes_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

14
tdarr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_tdarr flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_tdarr flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
teamspeak/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile teamspeak_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile teamspeak_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

14
transmission/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile db21ed7f_transmission flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile db21ed7f_transmission flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

15
transmission_openvpn/apparmor.txt
View File

@@ -3,7 +3,14 @@
profile db21ed7f_transmission_openvpn flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability net_admin,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +25,6 @@ profile db21ed7f_transmission_openvpn flags=(attach_disconnected,mediate_deleted
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
ubooquity/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile ubooquity_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile ubooquity_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
unpackerr/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile unpackerr_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile unpackerr_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

14
webtop_kde/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile webtop_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -18,12 +24,6 @@ profile webtop_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

10
webtrees/apparmor.txt
View File

@@ -3,7 +3,13 @@
profile webtrees_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability setgid,
capability setuid,
capability sys_admin,
file,
signal,
mount,
@@ -17,8 +23,6 @@ profile webtrees_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

8
wger/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile wger_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile wger_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

12
whatsapper/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile gitea_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile gitea_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

12
whoogle/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile whoogle-search_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -18,12 +22,6 @@ profile whoogle-search_addon flags=(attach_disconnected,mediate_deleted) {
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
capability sys_admin,
capability dac_read_search,
# capability dac_override,
# capability sys_rawio,
# S6-Overlay
/init ix,

8
xteve/apparmor.txt
View File

@@ -3,7 +3,11 @@
profile xteve_addon flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
capability,
capability chown,
capability dac_override,
capability fowner,
capability setgid,
capability setuid,
file,
signal,
mount,
@@ -17,8 +21,6 @@ profile xteve_addon flags=(attach_disconnected,mediate_deleted) {
network inet6,
network netlink raw,
network unix dgram,
capability setgid,
capability setuid,
# S6-Overlay

Some files were not shown because too many files have changed in this diff Show More