Docker runs into fatal error as library directory cannot be created

Hi All,

I am trying to install HA in a Docker container. Preferably I would like to have it installed as a non-root user due to security. However, I cannot get it to work. Would you be able to help me, please?

I am following along this topic. I tried it with and without restarting the docker service after the last chmod command. In both cases HA does not boot given the following error message: ‘Error response from daemon: cannot share the host’s network namespace when user namespaces are enabled’.

Upon deleting the network_mode: host from the compose file, I get a different message:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun home-assistant (no readiness notification)
[10:42:08] INFO: Creating user homeassistant with 1001:8123
s6-rc: info: service legacy-services successfully started
[10:42:08] INFO: Installing package: iputils
[10:42:08] INFO: Initializing venv in /var/tmp/homeassistant-venv
[10:42:14] INFO: Setting umask: 007
[10:42:14] INFO: Activating venv
[10:42:14] INFO: Setting new $HOME
[10:42:14] INFO: Starting homeassistant
Fatal Error: Unable to create library directory /config/deps
[09:42:15] INFO: Home Assistant Core finish process exit code 1
[09:42:15] INFO: Home Assistant Core service shutdown
s6-rc: info: service legacy-services: stopping
[09:42:15] INFO: Home Assistant Core finish process exit code 256
[09:42:15] INFO: Home Assistant Core finish process received signal 15
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Tried to google my way out of why the folder /config/deps/ won’t get created, but it gets me nowhere. Does anybody have an idea what I am doing wrong?

Compose file:

version: '3.8'
services:
  hass:
    image: "homeassistant/home-assistant:latest"
    environment:
      - TZ=Europe/Amsterdam
      - PUID=1001
      - PGID=8123
      - UMASK=007
      - PACKAGES=iputils
    volumes:
      -  "/home/hassuser/config:/config"
      -  "/home/hassuser/docker/dockerrun/run:/etc/services.d/home-assistant/run"

Ownership of the /home/hassuser/ folder
Hassuser owner

Due to new membership, I cannot add another image. But id hassuser results in:
uid=1001(hassuser) gid=1001(hassuser) groups=1001(hassuser),8123(hassgroup)
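
The first error message shows that the Docker daemon has user namespaces enabled. In that mode container IDs are shifted by a subordinate-ID range, so the PUID/PGID in the compose file are not the IDs the host checks on the bind-mounted /config. The script below is an added example, not part of the original post; it assumes a `dockremap:100000:65536` range and constructed directory ownership and modes, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example. The subordinate-ID range and the directory ownership/mode
# are constructed values, not read from the poster's host.
SUBUID_LINE="dockremap:100000:65536"   # constructed /etc/subuid entry
SUBGID_LINE="dockremap:100000:65536"   # constructed /etc/subgid entry

# map_id <subid-line> <container-id>
# Print the host ID that a container ID becomes under userns-remap;
# fail if the ID lies outside the mapped range.
map_id() {
    start=$(echo "$1" | cut -d: -f2)
    count=$(echo "$1" | cut -d: -f3)
    [ "$2" -ge 0 ] && [ "$2" -lt "$count" ] || return 1
    echo $((start + $2))
}

# can_create <host-uid> <host-gid> <dir-uid> <dir-gid> <octal-mode>
# Creating /config/deps needs write+search (w and x) on the directory.
# Assumption: the process has no supplementary groups and no capability
# that bypasses the check.
can_create() {
    mode=$((0$5))
    if   [ "$1" -eq "$3" ]; then class=owner; bits=$(( (mode >> 6) & 7 ))
    elif [ "$2" -eq "$4" ]; then class=group; bits=$(( (mode >> 3) & 7 ))
    else                         class=other; bits=$(( mode & 7 ))
    fi
    if [ $(( bits & 3 )) -eq 3 ]; then echo "$class:yes"; else echo "$class:no"; fi
}

# check_mount <PUID> <PGID> <dir-uid> <dir-gid> <octal-mode>
check_mount() {
    huid=$(map_id "$SUBUID_LINE" "$1") || { echo "uid-unmapped"; return 0; }
    hgid=$(map_id "$SUBGID_LINE" "$2") || { echo "gid-unmapped"; return 0; }
    echo "host=$huid:$hgid $(can_create "$huid" "$hgid" "$3" "$4" "$5")"
}

# PUID/PGID are the values from the compose file above.
check_mount 1001 8123 1001 1001 750      # dir owned by host uid 1001
check_mount 1001 8123 1001 8123 770      # host group 8123 does not match either
check_mount 1001 8123 101001 108123 770  # dir chowned to the shifted IDs
```

Real inputs for a host come from /etc/subuid, /etc/subgid and `stat -c '%u %g %a' /home/hassuser/config`.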

The official HA Docker image expects to run as root - I’m not even sure it has support for running as any other account.

Your error seems capability related: the container cannot write to the host file system. To debug, try to add all (or as many as you can) capabilities and remove them slowly until you find what’s required.

Thank you @Tinkerer & @thi_baut for thinking along and pointing me towards a solution. I am trying but I have had a busy week with work. I hope to further dive into it on Sunday.

Had some time to look into it again today. I decided to try it on a new device. So, I created a fresh Ubuntu Desktop 22.04 LTS, installed both Docker and Podman on it, and followed the instructions from this topic as before.

It resulted in the following:

WORKS

sudo docker run -d \
    --name="home-assistant" \
    -e "TZ=Europe/Amsterdam" \
    -e "PUID=1001" \
    -e "PGID=8123" \
    -e "PACKAGES=iputils" \
    -v "/home/hassuser:/config" \
    -v "/home/hassuser/docker/run:/etc/services.d/home-assistant/run" \
    --net=host \
    docker.io/homeassistant/home-assistant:stable

WORKS

sudo podman run -d \
    --name="home-assistant" \
    -e "TZ=Europe/Amsterdam" \
    -e "PUID=1001" \
    -e "PGID=8123" \
    -e "PACKAGES=iputils" \
    -v "/home/hassuser:/config" \
    -v "/home/hassuser/docker/run:/etc/services.d/home-assistant/run" \
    --net=host \
    docker.io/homeassistant/home-assistant:stable

So far, so good. It works in both Docker and Podman. However, when running the following compose file, it works with docker compose but not with podman-compose:

version: '3'
services:
  hass:
    image: docker.io/homeassistant/home-assistant:stable
    container_name: home-assistant
    restart: unless-stopped
    environment:
      - TZ=Europe/Amsterdam
      - PUID=1001
      - PGID=8123
      - PACKAGES=iputils
    volumes:
      -  "/home/hassuser/config:/config"
      -  "/home/hassuser/docker/dockerrun/run:/etc/services.d/home-assistant/run"
    security_opt:
      - no-new-privileges
    ports:
      - 8123:8123

So, overall I am happy. I decided to prefer the ‘Podman way’ as it does not run a daemon as Docker does.
Next up: get it to work on my initial setup and (then) move it into the k8 cluster.

I’m also on Ubuntu 22.04 LTS (I’m the author of the other post) - but I don’t think the distro matters.

It’s probably not the problem but your “port” section is misaligned (missing one " ").

I’m curious to understand why you run HA in k8s, how you plan to use it?

Thanks for pointing the missing " " out. That was on me as I retyped the yaml into this post. So, the space is not missing in the yaml and I updated the post above.

With regards to k8s: my vision is to containerise all applications within my home environment and have k8s manage it instead of me checking all hardware (via SSH). I separated the data & storage from the application (layer). The data is ‘managed’ by my NAS system.

That said, I am not even close to being an/the expert (who is?). :grinning: So, although off topic, I would love to hear your considerations, pros/cons.

P.S. I recognised you as the author indeed. Thank you for the solution in the other post!