From 0bbe3560d7c4046c7ca799ab75171433cac9568e Mon Sep 17 00:00:00 2001
From: Pascal Vizeli <pascal.vizeli@syshack.ch>
Date: Thu, 21 Jun 2018 18:41:02 +0200
Subject: [PATCH] Add AppArmor to dnsmasq (#327)

* Add files via upload

* Update apparmor.txt

* Update config.json

* Create CHANGELOG.md
---
 dnsmasq/CHANGELOG.md |  4 ++++
 dnsmasq/apparmor.txt | 26 ++++++++++++++++++++++++++
 dnsmasq/config.json  |  2 +-
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 dnsmasq/CHANGELOG.md
 create mode 100644 dnsmasq/apparmor.txt

diff --git a/dnsmasq/CHANGELOG.md b/dnsmasq/CHANGELOG.md
new file mode 100644
index 0000000..e22084f
--- /dev/null
+++ b/dnsmasq/CHANGELOG.md
@@ -0,0 +1,4 @@
+# Changelog
+
+## 1.1
+- Add AppArmor profile
diff --git a/dnsmasq/apparmor.txt b/dnsmasq/apparmor.txt
new file mode 100644
index 0000000..1feb8a2
--- /dev/null
+++ b/dnsmasq/apparmor.txt
@@ -0,0 +1,26 @@
+#include <tunables/global>
+
+profile dnsmasq flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  capability net_bind_service,
+  capability setgid,
+  capability setuid,
+  capability dac_override,
+  network inet raw,
+  network inet6 raw,
+
+  /bin/busybox ix,
+  /bin/bash ix,
+  /usr/bin/jq ix,
+  /usr/sbin/dnsmasq ix,
+
+  /etc/dnsmasq.conf rw,
+  /{,var/}run/*dnsmasq*.pid w,
+  /{,var/}run/dnsmasq/ r,
+  /{,var/}run/dnsmasq/* rw,
+
+  /run.sh rix,
+  /data/** r,
+}
diff --git a/dnsmasq/config.json b/dnsmasq/config.json
index 99f682b..863c43f 100644
--- a/dnsmasq/config.json
+++ b/dnsmasq/config.json
@@ -1,6 +1,6 @@
 {
   "name": "Dnsmasq",
-  "version": "1.0",
+  "version": "1.1",
   "slug": "dnsmasq",
   "description": "A simple DNS server",
   "url": "https://home-assistant.io/addons/dnsmasq/",