search

tribut / homeassistant-docker-venv

Run Home Assistant as non-root using the official docker image
123 stars 16 forks source link

Permission denied to devices #13

Closed StefanNienhuis closed 3 years ago

StefanNienhuis commented 4 years ago

This issue is exactly like #7, but somehow not fixed by #6. The container is configured with PUID=1000(my user account) and PGID=998(docker). My user account is in the dialout group, so the container should have rights to /dev/ttyACM0. But, when trying to use my CC2531 Zigbee stick, I get the following permission error:

2020-09-28 21:28:55 WARNING (MainThread) [zigpy_znp.zigbee.application] Failed to probe ZNP radio with config {'path': '/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B001CD47187-if00', 'baudrate': 115200, 'flow_control': None}
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/serial/serialposix.py", line 265, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
PermissionError: [Errno 13] Permission denied: '/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B001CD47187-if00'

Startup log:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] udev.sh: executing... 
starting version 3.2.9
[21:27:56] INFO: Update udev information
[cont-init.d] udev.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[21:27:56] INFO: Creating user homeassistant with 1000:998
[21:27:56] INFO: Initializing venv in /var/tmp/homeassistant-venv
[21:28:03] INFO: Activating venv
[21:28:03] INFO: Starting homeassistant

My docker-compose service:

homeassistant:
    container_name: homeassistant
    image: homeassistant/home-assistant:stable
    userns_mode: host
    network_mode: host
    privileged: true
    restart: unless-stopped

    volumes:
      - /home/stefannienhuis/Docker/Home Assistant:/config
      - /home/stefannienhuis/Docker/Home Assistant/docker/run:/etc/services.d/home-assistant/run

    devices:
      - /dev/ttyACM0:/dev/ttyACM0

    environment:
      TZ: $TZ
      PUID: 1000
      PGID: 998

    labels:
      com.centurylinklabs.watchtower.enable: 'true'

I have user namespaces enabled in Docker, but the userns_mode: host should prevent it from applying to this container.

Permissions:

$ id -u
1000
$ groups
stefannienhuis adm dialout cdrom sudo dip plugdev lxd libvirt docker nienhuis
$ ll /dev/ttyACM0
crw-rw---- 1 root dialout 166, 0 Sep 28 19:38 /dev/ttyACM0
$ ll /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B001CD47187-if00
lrwxrwxrwx 1 root root 13 Sep 28 19:41 /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B001CD47187-if00 -> ../../ttyACM0

Is there something wrong with my config or should this function fine?

StefanNienhuis commented 3 years ago

This issue was resolved by re-flashing the CC2531.

tribut commented 3 years ago

Great to hear that you were able to resolve it and sorry for not getting back to you sooner.

martinwk commented 3 years ago

@StefanNienhuis thanks for posting your docker compose snippet here. It enabled to answer my own question

@tribut it might be worthwhile to add this example to the README.md for future users.