In the news - Docker security issue

I just saw this website talking about a security flaw in Docker. Anything to be worried about for us HA users?

ZDNet: Doomsday Docker security hole uncovered.

From the article, it says that a user would have to install a malicious container on their system for such an exploit to occur, so as long as you are careful about what unofficial add-ons you use, you should be fine.

Maybe a better question is how do we fix this on our machines? I didn’t find anything on the Docker website about a patch.

I think you just need to make sure you’re running an up-to-date version of Docker.

You’re not looking very hard… in their blog… a patch was released on Monday.
Just update the same as you would anything else in Linux:
sudo apt-get update && sudo apt-get upgrade

@sparkydave Just be aware when you update Docker, nothing will work… I don’t know if you use Portainer, but you will have to restart the supervisor and Home Assistant either in there or from the command line. Then in Hassio you can restart the add-ons as they don’t seem to like being restarted from Portainer (some of them anyway)… Just be aware of this if you run into problems.

Also as I use a reverse proxy - Caddy as an add-on, I’m shit-outa-luck connecting to anything except via the IP address of Portainer… I can’t use my regular domain.

Anything you can add further about Portainer? Does it just need to be restarted from the command line?

Portainer is a web interface for Docker. Hassio for some reason doesn’t restart its containers when Docker is updated. Stuff I manage with compose starts itself again. It’s just a possible issue to be aware of if HA doesn’t start after the upgrade of Docker.

@DavidFW1960
Thank you. I was obscenely unclear and I apologize for not being more descriptive. I use Portainer but not Hassio. I do use the HA Docker container.

I did the apt update and upgrade and everything broke (Docker couldn’t even start containers). Fortunately I imaged my SD card 2 days ago so I’m restoring now. Also fortunate is that I don’t expose anything (no reverse proxy) and only use OpenVPN to access HA and my LAN so at least that mitigates the vulnerability until we have a workable solution to get everything back up and running.

Well that’s weird!
My other non-Hassio containers all restarted after upgrading Docker… They start up via docker-compose and they are set to restart unless stopped. Portainer itself is of course a Docker container.
The only containers that didn’t start were the Hassio and add-ons. I just started them via Portainer and Hassio started fine… it was just some of the add-ons would not start but once Hassio was running again, I was able to start those normally.

I have no idea why you can’t restart yours.