Hass in non-root user docker container - ping permision problem

@macle wrote:

Hello,

I’m working on using my hass via docker container running in non-root user configuration.

It works for my configuration… with one exception: ping platform.
It seems that ping doesn’t have proper permissions.

Many sources suggests adding additional capabilities to the hass container which should deliver proper permisions, something like:

--cap-add NET_RAW --cap-add NET_BIND_SERVICE --cap-drop ALL

Thus, my docker run includes such an arguments:

docker run --init -d --name="hass-docker" -e "TZ=Europe/Warsaw" \
	--user 1000:20 \
	-v /home/pi/.homeassistant-docker:/config \
	-v /etc/localtime:/etc/localtime:ro \
	--cap-add NET_RAW  --cap-add NET_BIND_SERVICE --cap-drop ALL \
	--net=host \
homeassistant/raspberrypi3-homeassistant:latest

but… it seems it doesn’t work:

$ docker exec -it hass-docker /bin/sh
/config $ id
uid=1000 gid=20(dialout)
/config $ ping 8.8.8
PING 8.8.8 (8.8.0.8): 56 data bytes
ping: permission denied (are you root?)
/config $

My system:

$ uname -a
Linux rasp1 4.19.66-v7+ #1253 SMP Thu Aug 15 11:49:46 BST 2019 armv7l GNU/Linux
$ docker --version
Docker version 19.03.5, build 633a0ea
$

Any ideas why capabilities doesn’t work?

Regards,
M.

Posts: 2

Participants: 2

Read full topic