From ade58ac660caac8699c1989817417d7848b788c7 Mon Sep 17 00:00:00 2001
From: fabio-garavini
Date: Sun, 19 Jan 2025 13:40:16 +0100
Subject: [PATCH] cloudflared enabled apparmor
---
 cloudflared/apparmor.txt | 34 ++++++++++++++++++++++++++
 cloudflared/config.yaml | 3 ++-
 cloudflared/{ => rootfs}/entrypoint.sh | 0
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 cloudflared/apparmor.txt
 rename cloudflared/{ => rootfs}/entrypoint.sh (100%)
diff --git a/cloudflared/apparmor.txt b/cloudflared/apparmor.txt
new file mode 100644
index 0000000..1469e1a
--- /dev/null
+++ b/cloudflared/apparmor.txt
@@ -0,0 +1,34 @@
+#include
+
+profile cloudflared flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ # Capabilities
+ file,
+ signal (send) set=(kill,term,int,hup,cont),
+
+ # S6-Overlay
+ /init ix,
+ /bin/** ix,
+ /usr/bin/** ix,
+ /run/{s6,s6-rc*,service}/** ix,
+ /package/** ix,
+ /command/** ix,
+ /etc/services.d/** rwix,
+ /etc/cont-init.d/** rwix,
+ /etc/cont-finish.d/** rwix,
+ /run/{,**} rwk,
+ /dev/tty rw,
+
+ # Bashio
+ /usr/lib/bashio/** ix,
+ /tmp/** rwk,
+
+ # Access to options.json and other files within your addon
+ /data/** rw,
+ /config/** rw,
+ /root/** rw,
+
+ # Service
+ /usr/local/bin/cloudflared ix,
+}
\ No newline at end of file
diff --git a/cloudflared/config.yaml b/cloudflared/config.yaml
index e6f1737..111e741 100644
--- a/cloudflared/config.yaml
+++ b/cloudflared/config.yaml
@@ -1,8 +1,9 @@
 name: Cloudflared
-version: "2025.1.0-v0"
+version: "2025.1.0-v1"
 slug: cloudflared
 codenotary: info@fabiogaravini.dev
 description: Cloudflare tunneling and Zero Trust service
+apparmor: true
 arch:
 - aarch64
 - amd64
diff --git a/cloudflared/entrypoint.sh b/cloudflared/rootfs/entrypoint.sh
similarity index 100%
rename from cloudflared/entrypoint.sh
rename to cloudflared/rootfs/entrypoint.sh
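Review bot: The bare `file,` rule under `# Capabilities` in apparmor.txt allows all file access on every path, so the path rules after it (`/data/** rw,`, `/tmp/** rwk,`, `/root/** rw,` and the rest) restrict nothing and the profile in practice mediates little beyond signals. If an allow-list is the intent, remove `file,` and run the add-on with the profile in complain mode to find what is still missing; if it has to stay, say so in a comment such as `# file, grants unrestricted file access; the path rules below are descriptive only`. `/usr/local/bin/cloudflared ix,` makes the tunnel daemon inherit the init system's permissions, including `rwix` on `/etc/services.d/**`; `/usr/local/bin/cloudflared cx -> cloudflared,` with a child profile limited to what the daemon itself needs would separate the two. Both `#include` lines appear without a target on this page, which may be a rendering loss, but confirm the committed file names its include targets, since a bare `#include` would presumably not parse.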