search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
70.57k stars 29.49k forks source link

Bluetooth in container give access denied error #76392

Closed Dinges28 closed 1 year ago

Dinges28 commented 2 years ago

The problem

After upgrading to the new home assistant 2022.8.1 i get an error for setting up the bluetooth

Opnieuw proberen in te stellen: Failed to start Bluetooth: [org.freedesktop.DBus.Error.AccessDenied] An AppArmor policy prevents this sender from sending this message

Tried both options mentioned in the documentation to -v the DBus

What version of Home Assistant Core has the issue?

2022.8.1

What was the last working version of Home Assistant Core?

core-2022.7.7

What type of installation are you running?

Home Assistant Container

Integration causing the issue

Bluetooth

Link to integration documentation on our website

https://www.home-assistant.io/integrations/bluetooth

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

Error handling request
-----------------------
Logger: aiohttp.server
Source: components/bluetooth/util.py:19
First occurred: 17:17:57 (1 occurrences)
Last logged: 17:17:57

Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_protocol.py", line 435, in _handle_request
    resp = await request_handler(request)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_app.py", line 504, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 60, in security_filter_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 100, in forwarded_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 28, in request_context_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 82, in ban_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 236, in auth_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 136, in handle
    result = await result
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 215, in post
    return await super().post(request)
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 73, in wrapper
    result = await method(view, request, data, *args, **kwargs)
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 70, in post
    result = await self._flow_mgr.async_init(
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 222, in async_init
    flow, result = await task
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 249, in _async_init
    result = await self._async_handle_step(flow, flow.init_step, data, init_done)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 359, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
  File "/usr/src/homeassistant/homeassistant/components/bluetooth/config_flow.py", line 69, in async_step_init
    if not (adapters := await async_get_bluetooth_adapters()):
  File "/usr/src/homeassistant/homeassistant/components/bluetooth/util.py", line 19, in async_get_bluetooth_adapters
    adapters = await get_bluetooth_adapters()
  File "/usr/local/lib/python3.10/site-packages/bluetooth_adapters/__init__.py", line 35, in get_bluetooth_adapters
    reply = await bus.call(msg)
  File "/usr/local/lib/python3.10/site-packages/dbus_next/aio/message_bus.py", line 305, in call
    await future
  File "/usr/local/lib/python3.10/site-packages/dbus_next/aio/message_bus.py", line 365, in _message_reader
    if self._unmarshaller.unmarshall():
  File "/usr/local/lib/python3.10/site-packages/dbus_next/_private/unmarshaller.py", line 304, in unmarshall
    self._unmarshall()
  File "/usr/local/lib/python3.10/site-packages/dbus_next/_private/unmarshaller.py", line 243, in _unmarshall
    self.read(16, prefetch=True)
  File "/usr/local/lib/python3.10/site-packages/dbus_next/_private/unmarshaller.py", line 91, in read
    raise EOFError()
EOFError

========================

Error doing job: Future exception was never retrieved
-----------------------------------------------------
Logger: homeassistant
Source: components/bluetooth/util.py:19
First occurred: 17:18:00 (1 occurrences)
Last logged: 17:18:00

Error doing job: Future exception was never retrieved
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_protocol.py", line 435, in _handle_request
    resp = await request_handler(request)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_app.py", line 504, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 60, in security_filter_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 100, in forwarded_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 28, in request_context_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 82, in ban_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 236, in auth_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 136, in handle
    result = await result
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 215, in post
    return await super().post(request)
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 73, in wrapper
    result = await method(view, request, data, *args, **kwargs)
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 70, in post
    result = await self._flow_mgr.async_init(
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 222, in async_init
    flow, result = await task
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 249, in _async_init
    result = await self._async_handle_step(flow, flow.init_step, data, init_done)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 359, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
  File "/usr/src/homeassistant/homeassistant/components/bluetooth/config_flow.py", line 69, in async_step_init
    if not (adapters := await async_get_bluetooth_adapters()):
  File "/usr/src/homeassistant/homeassistant/components/bluetooth/util.py", line 19, in async_get_bluetooth_adapters
    adapters = await get_bluetooth_adapters()
  File "/usr/local/lib/python3.10/site-packages/bluetooth_adapters/__init__.py", line 35, in get_bluetooth_adapters
    reply = await bus.call(msg)
  File "/usr/local/lib/python3.10/site-packages/dbus_next/aio/message_bus.py", line 305, in call
    await future
  File "/usr/local/lib/python3.10/site-packages/dbus_next/aio/message_bus.py", line 365, in _message_reader
    if self._unmarshaller.unmarshall():
  File "/usr/local/lib/python3.10/site-packages/dbus_next/_private/unmarshaller.py", line 304, in unmarshall
    self._unmarshall()
  File "/usr/local/lib/python3.10/site-packages/dbus_next/_private/unmarshaller.py", line 243, in _unmarshall
    self.read(16, prefetch=True)
  File "/usr/local/lib/python3.10/site-packages/dbus_next/_private/unmarshaller.py", line 91, in read
    raise EOFError()
EOFError

Additional information

No response

probot-home-assistant[bot] commented 2 years ago

bluetooth documentation bluetooth source (message by IssueLinks)

probot-home-assistant[bot] commented 2 years ago

Hey there @bdraco, mind taking a look at this issue as it has been labeled with an integration (bluetooth) you are listed as a code owner for? Thanks! (message by CodeOwnersMention)

dannytrigo commented 2 years ago

I have the same issue running HA in a docker container with Ubuntu 22.04 LTS as the host OS, and the dbus path mounted as a RO volume

rutkai commented 2 years ago

Same here, I have a host of 16.04 (yeah, that old) and it gives this error with and without ro mount option. Disabling apparrmor doesn't make any difference.

vingerha commented 2 years ago

Same issue here, ubuntu 22.04, HA 2022.8.1 I got it working when running the container --privileged but this is a mere workaround. The Apparmor seems to be related to a container setting but I am not a specialist and would not know what to do without creating a possible bigger mess https://github.com/edgexfoundry-holding/device-bluetooth-c/issues/4

Upgraded to 2022.8.6 ... still the same (was not expecting a solution though)

AndreiArdelean1 commented 2 years ago

Same here. Host Ubuntu 20.04.4 LTS and it gives this error with and without ro mount option. Disabling apparrmor doesn't make any difference. Adding privileged: true to the docker compose didn't help.

venil7 commented 2 years ago

Same error, Ubuntu 20.04

adding privileged: true did help, though

AndreiArdelean1 commented 2 years ago

If it helps, running dbus-monitor from inside the container:

bash-5.1# dbus-monitor --system
Failed to open connection to system bus: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)
bash-5.1# dbus-monitor --session
Failed to open connection to session bus: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
bash-5.1# dbus-daemon --system
dbus-daemon[99]: Failed to start message bus: Failed to bind socket "/var/run/dbus/system_bus_socket": Address in use
vingerha commented 2 years ago

Just a side note which I learned recently, many people believe that the BT integration opens up ALL devices but none is more true. At present tnly very few types are auto-added via this method, see the notes. ie. even if my BT integration shows working...at present I have none of the available BT-integrations...so nothing shows.

Net: the AppArmor isssue still requires a solution

AndreiArdelean1 commented 2 years ago

I finally got it to work. The problem was that my docker is in swarm mode, and in swarm security_opt (and custom AppArmor profiles) are not available. I created a custom AppArmor profile and replaced the docker-default one. Here it explains how to do that. I also had to add a few rules to /etc/dbus-1/system.d/bluetooth.conf.

I've attached the files. They are a bit messy, but they might help.

docker-default bluetooth.conf

bdraco commented 2 years ago

I finally got it to work. The problem was that my docker is in swarm mode, and in swarm security_opt (and custom AppArmor profiles) are not available. I created a custom AppArmor profile and replaced the docker-default one. Here it explains how to do that. I also had to add a few rules to /etc/dbus-1/system.d/bluetooth.conf.

I've attached the files. They are a bit messy, but they might help.

docker-default

bluetooth.conf

You might need to open up a few more bluez endpoints on dbus next month as the Bluetooth integration evolves

batiatto commented 1 year ago

I have the same issue and after reading this thread I couldn't figure out what is wrong. I am using the built-in BT adapter in the laptop.

dmaciaszek commented 1 year ago

Same problem on version 2022.8.7 with ubuntu and docker containerized app

batiatto commented 1 year ago

Mine already works. I’ll post the configuration later on as I have no time now. I have it working with the laptop built-in BT adapter and an Asus BT-500. So I have it working with two BT adapters at the same time.

bdraco commented 1 year ago

Mine already works. I’ll post the configuration later on as I have no time now. I have it working with the laptop built-in BT adapter and an Asus BT-500. So I have it working with two BT adapters at the same time.

In 2022.9.x if you get an extension cable or a usb to Ethernet extension you could run the second one further away and the system should pick the best path to connect to the device based on the signal strength

dmaciaszek commented 1 year ago

Mine already works. I’ll post the configuration later on as I have no time now. I have it working with the laptop built-in BT adapter and an Asus BT-500. So I have it working with two BT adapters at the same time.

Can you post your config?

mbarcia commented 1 year ago

I finally got it to work. The problem was that my docker is in swarm mode, and in swarm security_opt (and custom AppArmor profiles) are not available. I created a custom AppArmor profile and replaced the docker-default one. Here it explains how to do that. I also had to add a few rules to /etc/dbus-1/system.d/bluetooth.conf.

I've attached the files. They are a bit messy, but they might help.

docker-default bluetooth.conf

Thank you, this fixed the issues I was having with bluetooth.

andras-tim commented 1 year ago

I finally got it to work. The problem was that my docker is in swarm mode, and in swarm security_opt (and custom AppArmor profiles) are not available. I created a custom AppArmor profile and replaced the docker-default one. Here it explains how to do that. I also had to add a few rules to /etc/dbus-1/system.d/bluetooth.conf.

I've attached the files. They are a bit messy, but they might help.

docker-default bluetooth.conf

Thank you for this solution! (I use a standard Ubuntu 20.04, docker-compose, systemd based system)