Privileged Docker Access?

knebb · June 26, 2023, 12:12pm

Hi,

I just did a fresh install on a Debian 12 and after Configuration I am getting the error about non-priviledged Docker stuff (sorry, in GErman only):

Das System ist derzeit fehlerhaft, da es keinen privilegierten Zugriff auf die Docker-Laufzeit hat. Verwende den Link, um mehr zu erfahren und wie du dies beheben kannst.

When klicking on the provided link it is not really helpful as it is a fresh install, supported OS and latest version.

So what is the issue here and how do I get rid of it?

Thanks!

/KNEBB

knebb · June 29, 2023, 5:30pm

Hi,

did a little bit of troubleshooting meanwhile. So first I got this Docker-page so I could identify the containers having privileged modus enabled.

So I checked which containers are active while HomeAssistant is running.

root@hoas:/etc/docker# docker container stats --no-stream
CONTAINER ID   NAME                      CPU %     MEM USAGE / LIMIT     MEM %     NET I/O           BLOCK I/O   PIDS
8b597eea88d8   homeassistant             0.98%     323.6MiB / 2.048GiB   15.43%    0B / 0B           0B / 0B     28
b312beb6a235   addon_a0d7b954_influxdb   4.60%     222MiB / 2.048GiB     10.59%    9.43MB / 809kB    0B / 0B     39
2d9e43903034   addon_core_configurator   0.02%     23.14MiB / 2.048GiB   1.10%     241MB / 2.46MB    0B / 0B     8
b2b9dad57c5a   hassio_supervisor         0.28%     96.02MiB / 2.048GiB   4.58%     50.9MB / 274MB    0B / 0B     24
a276c1a0d413   addon_a0d7b954_grafana    0.41%     92.46MiB / 2.048GiB   4.41%     32.5MB / 11.2MB   0B / 0B     43
5241e3996cc0   hassio_multicast          0.08%     884KiB / 2.048GiB     0.04%     0B / 0B           0B / 0B     4
a08f791cc77c   hassio_audio              0.01%     4.449MiB / 2.048GiB   0.21%     27.2MB / 0B       0B / 0B     12
31495a2d87a3   hassio_dns                0.03%     13.19MiB / 2.048GiB   0.63%     27.6MB / 473kB    0B / 0B     12
7cf496031e91   hassio_cli                0.00%     1.551MiB / 2.048GiB   0.07%     27.2MB / 12.5kB   0B / 0B     6
cc835345e31b   hassio_observer           0.00%     4.359MiB / 2.048GiB   0.21%     27.9MB / 470kB    0B / 0B     6

Not too much but still a couple. So I checked first my supervisor according to the above link:

root@hoas:/etc/docker# docker inspect --format='{{.HostConfig.Privileged}}'  b2b9dad57c5a
true

true. So it runs in privileged mode. Se result for all containers (same sort order):

root@hoas:/etc/docker# for i in $(docker container stats --no-stream| cut -d " " -f 1| grep -v CONTAIN); do docker inspect --format='{{.HostConfig.Privileged}}'  $i; done
true
false
false
true
false
false
false
false
false
false

So the main Docker container (homeassistant and hassio_supervisor) are running in privileged mode.

Which one of the other do I have to allow this mode in order to get rid of the warning? All?
Further question: how do I enable this mode persistent?

Running with supervised install on Debian12.

Thanks!

/KNEBB

flipreverse · July 4, 2023, 6:48pm

I’m affected by this issue as well. HASSIO complains about missing rights. docker inspect, however, reports Privileged is set for both hassio_supervisor and homeassistant.

timj.pdx · July 5, 2023, 2:02pm

In the same state: supervised install (2003.6.2) on Debian 12, and I am getting the ‘need repair’ notification.

I tried to update to 2012.6.2 and it would not let me due to ‘needing repair’. I ran ‘ha supervised repair’ and the ‘need repair’ notification went away! I updated to 2023.6.3, installed latest updates to Debian and rebooted and I now have no issues.
I checked and only ‘homeassistant’ and ‘hassio’ supervisor’ dockers are ‘privileged’.

I_VANN · February 11, 2024, 6:49pm

//view priviledge status of all containers
IFS=$‘\n’;for i in $(docker container stats --no-stream| grep -v “CONTAINER”| tr -s ’ ‘|cut -d ’ ’ -f1,2); do var1=$(echo -n $i|cut -d’ ’ -f1); var2=$(echo -n $i|cut -d’ ’ -f2); echo -n $var1 $var2 " "; docker inspect --format=‘{{.HostConfig.Privileged}}’ $var1 ; done

smoltron · February 21, 2024, 7:16am

I just received this Privileged Docker Access Unhealty warning. I looked at the documentation and I did not find any instructions on how to deal with this (other than reinstall). What should I do now? Otherwise the system is totally healthy with no error messages anywhere. This is Debian Bookworm supervised, running only home assistant and nothing else of importance. All latest Debian, Docker and Home Assistant updates installed. The error message came suddenly out of the blue sky and I have made no changes to the system.

WallyR · February 21, 2024, 7:43am

Make sure that your system still abide to the Supervised installation requirements and make sure you are running the latest OS-agent and have restarted your system after the update.

francisp · February 21, 2024, 8:13am

Always happens if Supervised updated itself.

docker restart supervisor

and heathy again.

smoltron · February 21, 2024, 8:39am

Great! Very simple. I think it is

docker restart hassio_supervisor