Investigate new USER mechanism in s6

tribut / homeassistant-docker-venv

Run Home Assistant as non-root using the official docker image

120 stars 14 forks source link

Investigate new USER mechanism in s6 #16

Open tribut opened 3 years ago

tribut commented 3 years ago

s6 recently added support for dropping permissions using Docker's USER directive(https://github.com/just-containers/s6-overlay/issues/19#event-3759845201). This could reduce complexity for our script substantially (to pre-0.107 levels) and might be a lot cleaner. Upstream documentation is here: https://github.com/just-containers/s6-overlay#user-directive

mhoran commented 1 year ago

I've been testing out Podman recently and Home Assistant seems to run just fine with the --userns=keep-id flag. This runs the container with my host user ID, which would be equivalent to a Dockerfile USER. Of course, my user doesn't have access to install Python packages since the Python installation directory is owned by root, so it'd be great to see this script updated!