/
/
/
1profile music_assistant_addon flags=(attach_disconnected,mediate_deleted) {
2 capability,
3 file,
4 signal,
5 mount,
6 umount,
7 remount,
8 network udp,
9 network tcp,
10 network dgram,
11 network stream,
12 network seqpacket,
13 network inet,
14 network inet6,
15 network netlink raw,
16 network unix dgram,
17
18 capability setgid,
19 capability setuid,
20 capability sys_admin,
21 capability dac_read_search,
22
23 /dev/* mrwkl,
24 /tmp/** mrkwl,
25
26 # Data access
27 /data/** rw,
28 /media/** rw,
29
30 # docker daemon confinement requires explict allow rule for signal
31 signal (receive) set=(kill,term) peer=/usr/bin/docker,
32
33}
34