From 76893f6695cc6decd76bd0db01b102109b6ed797 Mon Sep 17 00:00:00 2001
From: Tim Stanley <timstanley1985@gmail.com>
Date: Sat, 22 Jan 2022 08:02:33 +0000
Subject: [PATCH] Add apparmor.txt

---
 ebusd/CHANGELOG.md |  1 +
 ebusd/apparmor.txt | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 ebusd/apparmor.txt

diff --git a/ebusd/CHANGELOG.md b/ebusd/CHANGELOG.md
index bff495c..36b61b5 100644
--- a/ebusd/CHANGELOG.md
+++ b/ebusd/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Next release
 
 - IMPROVE: Improve logic in run.sh
+- IMPROVE: Add apparmour.txt
 
 ## 0.86
 
diff --git a/ebusd/apparmor.txt b/ebusd/apparmor.txt
new file mode 100644
index 0000000..5ba406c
--- /dev/null
+++ b/ebusd/apparmor.txt
@@ -0,0 +1,26 @@
+#include <tunables/global>
+profile ebusd flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  
+  # Capabilities
+  file, signal,
+  # S6-Overlay
+  /init rix, /bin/** ix, /usr/bin/** ix, /etc/s6/** rix, /run/s6/** 
+  rwix, /etc/services.d/** rwix, /etc/cont-init.d/** rwix, 
+  /etc/cont-finish.d/** rwix, /run/** rwk,
+  # Bashio
+  /usr/lib/bashio/** ix, /tmp/** rw,
+  # Access to options.json and other files within your addon
+  /data/** rw,
+  
+  # Start new profile for service
+  /usr/bin/myprogram cx,
+  
+  profile /usr/bin/ebusd flags=(attach_disconnected,mediate_deleted) 
+  {
+    #include <abstractions/base>
+    
+    # Receive signals from S6-Overlay
+    signal receive,
+  }
+}