From a6674e0e3e05b341c2f187b86036a641d3fea615 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franc=CC=A7ois=20Bonelle?= Date: Sat, 18 Jun 2022 16:29:53 +0200 Subject: [PATCH] Update --- telegraf/apparmor.txt | 52 +++++++++++++++++++ telegraf/build.yaml | 12 ++--- telegraf/rootfs/bin/s6-nuke | 2 +- .../rootfs/etc/services.d/telegraf/finish | 3 +- telegraf/rootfs/etc/services.d/telegraf/run | 0 5 files changed, 61 insertions(+), 8 deletions(-) create mode 100644 telegraf/apparmor.txt mode change 100755 => 100644 telegraf/rootfs/etc/services.d/telegraf/run diff --git a/telegraf/apparmor.txt b/telegraf/apparmor.txt new file mode 100644 index 0000000..3e887c3 --- /dev/null +++ b/telegraf/apparmor.txt @@ -0,0 +1,52 @@ +#include + +profile hassio_telegraf flags=(attach_disconnected,mediate_deleted) { + #include + + # Capabilities + file, + signal (send) set=(kill,term,int,hup,cont), + + # S6-Overlay + /init ix, + /bin/** ix, + /usr/bin/** ix, + /run/{s6,s6-rc*,service}/** ix, + /package/** ix, + /command/** ix, + /etc/services.d/** rwix, + /etc/cont-init.d/** rwix, + /etc/cont-finish.d/** rwix, + /run/{,**} rwk, + /dev/tty rw, + + # Bashio + /usr/lib/bashio/** ix, + /tmp/** rwk, + + # Access to options.json and other files within your addon + /data/** rw, + + # Start new profile for service + /usr/bin/myprogram cx -> myprogram, + + profile myprogram flags=(attach_disconnected,mediate_deleted) { + #include + + # Receive signals from S6-Overlay + signal (receive) peer=*_ADDON_SLUG, + + # Access to options.json and other files within your addon + /data/** rw, + + # Access to mapped volumes specified in config.json + /share/** rw, + + # Access required for service functionality + /usr/bin/myprogram r, + /bin/bash rix, + /bin/echo ix, + /etc/passwd r, + /dev/tty rw, + } +} \ No newline at end of file diff --git a/telegraf/build.yaml b/telegraf/build.yaml index cc24e2d..07593db 100644 --- a/telegraf/build.yaml +++ b/telegraf/build.yaml @@ -1,8 +1,8 @@ build_from: - aarch64: ghcr.io/hassio-addons/debian-base/aarch64:5.3.1 - amd64: ghcr.io/hassio-addons/debian-base/amd64:5.3.1 - armhf: ghcr.io/hassio-addons/debian-base/armhf:5.3.1 - armv7: ghcr.io/hassio-addons/debian-base/armv7:5.3.1 - i386: ghcr.io/hassio-addons/debian-base/i386:5.3.1 + aarch64: ghcr.io/hassio-addons/debian-base/aarch64:6.0.0 + amd64: ghcr.io/hassio-addons/debian-base/amd64:6.0.0 + armhf: ghcr.io/hassio-addons/debian-base/armhf:6.0.0 + armv7: ghcr.io/hassio-addons/debian-base/armv7:6.0.0 + i386: ghcr.io/hassio-addons/debian-base/i386:6.0.0 args: - TELEGRAF_VERSION: 1.22.4 \ No newline at end of file + TELEGRAF_VERSION: 1.23.0 \ No newline at end of file diff --git a/telegraf/rootfs/bin/s6-nuke b/telegraf/rootfs/bin/s6-nuke index 73e8e48..ddd4072 100644 --- a/telegraf/rootfs/bin/s6-nuke +++ b/telegraf/rootfs/bin/s6-nuke @@ -1,6 +1,6 @@ #!/usr/bin/env bash # ============================================================================== -# Home Assistant Community Add-on: Glances +# Home Assistant Community Add-on: # This file turns s6-nuke into a NOOP to prevent total termination # of the host system since the add-on runs in the same PID namespace. # ============================================================================== diff --git a/telegraf/rootfs/etc/services.d/telegraf/finish b/telegraf/rootfs/etc/services.d/telegraf/finish index b5d69f4..3d3be15 100644 --- a/telegraf/rootfs/etc/services.d/telegraf/finish +++ b/telegraf/rootfs/etc/services.d/telegraf/finish @@ -5,4 +5,5 @@ if -n { s6-test $# -ne 0 } if -n { s6-test ${1} -eq 256 } -s6-svscanctl -t /var/run/s6/services +#s6-svscanctl -t /var/run/s6/services +/run/s6/basedir/bin/halt \ No newline at end of file diff --git a/telegraf/rootfs/etc/services.d/telegraf/run b/telegraf/rootfs/etc/services.d/telegraf/run old mode 100755 new mode 100644