From f8e7a135e43dc2e435fc722e1a1e266bf2ff238a Mon Sep 17 00:00:00 2001 From: j1nx Date: Wed, 7 Feb 2024 18:24:19 +0000 Subject: [PATCH] [All] Add --security-opt label=disable to the quadlet files --- .../home/ovos/.config/containers/systemd/hivemind-cli.container | 1 + .../ovos/.config/containers/systemd/hivemind-listener.container | 1 + .../home/ovos/.config/containers/systemd/ovos-audio.container | 1 + .../home/ovos/.config/containers/systemd/ovos-cli.container | 1 + .../home/ovos/.config/containers/systemd/ovos-core.container | 1 + .../ovos/.config/containers/systemd/ovos-gui-shell.container | 1 + .../ovos/.config/containers/systemd/ovos-gui-websocket.container | 1 + .../.config/containers/systemd/ovos-listener-dinkum.container | 1 + .../ovos/.config/containers/systemd/ovos-messagebus.container | 1 + .../home/ovos/.config/containers/systemd/ovos-phal.container | 1 + .../.config/containers/systemd/ovos-tts-server-piper.container | 1 + 11 files changed, 11 insertions(+) diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-cli.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-cli.container index 7c530fa0..05ea63ac 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-cli.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-cli.container @@ -16,6 +16,7 @@ HostName=hivemind-cli Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true Volume=%h/hivemind/config:/home/hivemind/.config/hivemind:z Volume=%h/hivemind/share:/home/hivemind/.local/share/hivemind:z diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-listener.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-listener.container index c804ae75..df2ba91f 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-listener.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/hivemind-listener.container @@ -16,6 +16,7 @@ HostName=hivemind-listener Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true Volume=%h/hivemind/config:/home/hivemind/.config/hivemind:z Volume=%h/hivemind/share:/home/hivemind/.local/share/hivemind:z diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-audio.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-audio.container index eb1b7f99..5728a14d 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-audio.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-audio.container @@ -22,6 +22,7 @@ HostName=ovos-audio Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true EnvironmentFile=%h/.config/containers/env AddDevice=/dev/snd Volume=%h/ovos/config:/home/ovos/.config/mycroft diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-cli.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-cli.container index 191c9988..53fbad2b 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-cli.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-cli.container @@ -14,6 +14,7 @@ HostName=ovos-cli Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true Volume=%h/ovos/config:/home/ovos/.config/mycroft Volume=%h/ovos/tmp:/tmp Volume=ovos_local_state:/home/ovos/.local/state/mycroft diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-core.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-core.container index b719d529..02ccf9de 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-core.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-core.container @@ -22,6 +22,7 @@ HostName=ovos-core Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true EnvironmentFile=%h/.config/containers/env AddDevice=/dev/snd Volume=%h/ovos/config:/home/ovos/.config/mycroft diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-shell.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-shell.container index f4f7a8da..ee434697 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-shell.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-shell.container @@ -22,6 +22,7 @@ HostName=ovos-gui-shell Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true EnvironmentFile=%h/.config/containers/env AddDevice=/dev/snd AddDevice=/dev/dri diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-websocket.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-websocket.container index 2f9493c8..c8c3c880 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-websocket.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-gui-websocket.container @@ -18,6 +18,7 @@ HostName=ovos-gui-websocket Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true Volume=%h/ovos/config:/home/ovos/.config/mycroft:ro Volume=%h/ovos/tmp:/tmp Volume=ovos_gui_files:/home/ovos/.cache/ovos_gui_file_server diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-listener-dinkum.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-listener-dinkum.container index d56cab61..11915dd6 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-listener-dinkum.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-listener-dinkum.container @@ -22,6 +22,7 @@ HostName=ovos-listener-dinkum Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true EnvironmentFile=%h/.config/containers/env AddDevice=/dev/snd Volume=%h/ovos/config:/home/ovos/.config/mycroft:ro diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-messagebus.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-messagebus.container index 856c1065..8ba6bb18 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-messagebus.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-messagebus.container @@ -14,6 +14,7 @@ HostName=ovos-messagebus Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true Volume=%h/ovos/config:/home/ovos/.config/mycroft:ro Volume=ovos_local_state:/home/ovos/.local/state/mycroft Volume=%h/ovos/tmp:/tmp diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-phal.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-phal.container index b3a2d5aa..68f3d9e4 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-phal.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-phal.container @@ -20,6 +20,7 @@ HostName=ovos-phal Network=host Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true EnvironmentFile=%h/.config/containers/env AddDevice=/dev/snd Volume=%h/ovos/config:/home/ovos/.config/mycroft diff --git a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-tts-server-piper.container b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-tts-server-piper.container index 708b6f11..7f535af3 100644 --- a/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-tts-server-piper.container +++ b/buildroot-external/rootfs-overlay/home/ovos/.config/containers/systemd/ovos-tts-server-piper.container @@ -15,6 +15,7 @@ Network=host PublishPort=8089-9666 Timezone=local UserNS=keep-id:uid=%U,gid=%G +SecurityLabelDisable=true EnvironmentFile=%h/.config/containers/env Volume=%h/ovos/config:/home/ovos/.config/mycroft:ro,z Volume=ovos_tts_piper_cache:/home/ovos/.local/share/piper_tts