From 6121623940fe799f6f87b9610bc8d27faf76fc81 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sun, 4 Sep 2022 12:19:26 +0200 Subject: [PATCH 1/4] Tune systemd restrictions to allow USB and network communication --- conf/systemd.service | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index e0b498e..e53c8e1 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -18,7 +18,8 @@ StandardError=inherit # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes -PrivateDevices=yes +# Remove to allow the app to talk to USB devices +#PrivateDevices=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictNamespaces=yes RestrictRealtime=yes @@ -28,7 +29,8 @@ ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap +# @setuid removed from the list because it is needed by some network utilities (ping) +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html From 03c229fd1dd281ccf4b65e42c853856dc2de7e50 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sun, 4 Sep 2022 12:19:56 +0200 Subject: [PATCH 2/4] Bump package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 5e59434..1c1d9c3 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Flow-based programming for the Internet of Things", "fr": "Programmation par flux de données pour l'Internet des objets" }, - "version": "3.0.2~ynh1", + "version": "3.0.2~ynh2", "url": "https://nodered.org", "upstream": { "license": "Apache-2.0", From b71bc0ca3a170bccebeb45453689285dee53343c Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 4 Sep 2022 10:20:05 +0000 Subject: [PATCH 3/4] Auto-update README --- README.md | 3 ++- README_fr.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5a25a0d..eb27021 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,8 @@ logging: { // replace the default logging option ...defaultSettings.logging, // You can check the default settings Yunohost generates at `/opt/yunohost/nodered/data/settings.js` and find the documentation for configuring Node-RED here: https://nodered.org/docs/user-guide/runtime/configuration -**Shipped version:** 3.0.2~ynh1 +**Shipped version:** 3.0.2~ynh2 + ## Screenshots diff --git a/README_fr.md b/README_fr.md index 2b6b0f9..74cf202 100644 --- a/README_fr.md +++ b/README_fr.md @@ -49,7 +49,8 @@ module.exports = (defaultSettings) => ({ Vous pouvez consulter les paramètres par défaut générez par Yunohost dans `/opt/yunohost/nodered/data/settings.js` et trouver la documentation pour configurer Node-RED ici: https://nodered.org/docs/user-guide/runtime/configuration -**Version incluse :** 3.0.2~ynh1 +**Version incluse :** 3.0.2~ynh2 + ## Captures d'écran From 555dfbf0041847314375799d994c71555d71d5bc Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 4 Sep 2022 10:21:39 +0000 Subject: [PATCH 4/4] Auto-update README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index faaf3a1..eb27021 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,6 @@ You can check the default settings Yunohost generates at `/opt/yunohost/nodered/ **Shipped version:** 3.0.2~ynh2 - ## Screenshots ![Screenshot of Node-RED](./doc/screenshots/screenshot.jpg)