From 4ec01abfce896ee4719c3a1d9bdcaf8bde81df4a Mon Sep 17 00:00:00 2001
From: Stefan Allius
Date: Tue, 25 Feb 2025 18:56:47 +0100
Subject: [PATCH] test costumer apparmor
---
 ha_addon_debug/apparmor.txt | 52 +++++++++++++++++++++++++++++++++++++
 ha_addon_debug/config.yaml | 5 ++--
 2 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 ha_addon_debug/apparmor.txt
diff --git a/ha_addon_debug/apparmor.txt b/ha_addon_debug/apparmor.txt
new file mode 100644
index 0000000..ce5a661
--- /dev/null
+++ b/ha_addon_debug/apparmor.txt
@@ -0,0 +1,52 @@
+#include
+
+profile tsun-proxy-debug flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ # Capabilities
+ file,
+ signal (send) set=(kill,term,int,hup,cont),
+
+ # S6-Overlay
+ /init ix,
+ /bin/** ix,
+ /usr/bin/** ix,
+ /run/{s6,s6-rc*,service}/** ix,
+ /package/** ix,
+ /command/** ix,
+ /etc/services.d/** rwix,
+ /etc/cont-init.d/** rwix,
+ /etc/cont-finish.d/** rwix,
+ /run/{,**} rwk,
+ /dev/tty rw,
+
+ # Bashio
+ /usr/lib/bashio/** ix,
+ /tmp/** rwk,
+
+ # Access to options.json and other files within your addon
+ /data/** rw,
+
+ # Start new profile for service
+ /usr/bin/myprogram cx -> myprogram,
+
+ profile myprogram flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ # Receive signals from S6-Overlay
+ signal (receive) peer=*_ADDON_SLUG,
+
+ # Access to options.json and other files within your addon
+ /data/** rw,
+
+ # Access to mapped volumes specified in config.json
+ /share/** rw,
+
+ # Access required for service functionality
+ /usr/bin/myprogram r,
+ /bin/bash rix,
+ /bin/echo ix,
+ /etc/passwd r,
+ /dev/tty rw,
+ }
+}
\ No newline at end of file
diff --git a/ha_addon_debug/config.yaml b/ha_addon_debug/config.yaml
index 93e76e3..7a9779b 100644
--- a/ha_addon_debug/config.yaml
+++ b/ha_addon_debug/config.yaml
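Review bot: The outer profile in apparmor.txt keeps the bare `file,` rule under "# Capabilities", which permits all file access and makes every path rule after it redundant, so as written the profile adds almost no filesystem confinement. `/usr/bin/myprogram cx -> myprogram` and `signal (receive) peer=*_ADDON_SLUG,` read like unreplaced template placeholders: unless the proxy really is started from /usr/bin/myprogram, the nested `myprogram` profile never attaches and the service stays under the permissive outer profile. I would remove `file,`, point the `cx` rule and the nested profile at the actual service executable, and replace the placeholder with the add-on slug from config.yaml, presumably `peer=*_tsun-proxy-debug`. No `network` rule is visible in either profile although the add-on maps TCP ports, so confirm the proxy can still open its sockets once the profile is enforced.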
@@ -1,6 +1,6 @@ name: TSUN-Proxy (Debug) description: MQTT Proxy for TSUN Photovoltaic Inverters with Debug Logging -version: 0.13.0-debug-2502242257 +version: 0.13.0-debug-2502250012 image: docker.io/sallius/tsun-gen3-addon url: https://github.com/s-allius/tsun-gen3-proxy slug: tsun-proxy-debug @@ -24,7 +24,8 @@ ports: 5005/tcp: 5005 10000/tcp: 10000 -watchdog: "http://[HOST]:[PORT:8127]/-/healthy" +# FIXME: we disabled the watchdog due to exceptions in the ha supervisor. See: https://github.com/s-allius/tsun-gen3-proxy/issues/249 +# watchdog: "http://[HOST]:[PORT:8127]/-/healthy" # Definition of parameters in the configuration tab of the addon # parameters are available within the container as /data/options.json
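Review bot: Commenting out `watchdog:` in the second config.yaml hunk leaves the supervisor with no health probe for this add-on, so a hung proxy will not be restarted automatically while the workaround is in place. The FIXME names issue 249 but not the condition for undoing it; something like `# FIXME(#249): re-enable the watchdog once the supervisor exceptions are resolved` would make the intent clear. The change is also unrelated to the AppArmor test named in the commit subject, so a separate commit would make it easier to revert on its own.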