I am trying to take a page from the filebrowser add-on, which exposes local drives to a web browser.
However, despite

- setting apparmor policy
- expose `SYS_ADMIN` capabilities to docker
- include devices in `map`

I still get a permission denied attempting to mount it.

config.yaml

```yaml
name: "CD Reader"
description: "Allows mounting of CD drive to read mp3s for plex, etc"
version: "1.0.0"
slug: "cd_reader"
init: false
arch:
  - amd64
options:
  mp3_path: /media/music
schema:
  mp3_path: str
privileged:
  - SYS_ADMIN
  - DAC_READ_SEARCH
map:
  - media:rw
  - share:rw
boot: manual
devices:
  - /dev/sr0
  - /dev/cdrom
apparmor: true
```

Dockerfile

```dockerfile
ARG BUILD_FROM
FROM $BUILD_FROM

# Set S6 wait time
ENV S6_CMD_WAIT_FOR_SERVICES=1 \
    S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
    S6_SERVICES_GRACETIME=0

# Copy data for add-on
COPY run.sh /
RUN chmod a+x /run.sh

# Corrects permissions for s6 v3
# (the last check tests the same file it chmods)
RUN if [ -d /etc/cont-init.d ]; then chmod -R 755 /etc/cont-init.d; fi && \
    if [ -d /etc/services.d ]; then chmod -R 755 /etc/services.d; fi && \
    if [ -f /entrypoint.sh ]; then chmod 755 /entrypoint.sh; fi

CMD [ "/run.sh" ]
```
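
run.sh

```bash
#!/bin/bash
# User and group IDs that should own the mount points
# (the group variable is named PGID to match its uses below)
PUID="0"
PGID="0"

echo hello
blkid || echo "blkid not found"

# Create the mount points
mkdir /mnt/sr0
chown "$PUID:$PGID" /mnt/sr0
mkdir /mnt/cdrom
chown "$PUID:$PGID" /mnt/cdrom

# Try to mount the drive under both device names
mount /dev/sr0 -o "uid=$PUID,gid=$PGID" /mnt/sr0 || echo "could not mount sr0"
mount /dev/cdrom -o "uid=$PUID,gid=$PGID" /mnt/cdrom || echo "could not mount cdrom"

# Show what is visible inside the container
ls /dev/disk/by-label
df -h
```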

Error (*logs)

```
...
hello
mount: mounting /dev/sr0 on /mnt/sr0 failed: Permission denied
could not mount sr0
mount: mounting /dev/cdrom on /mnt/cdrom failed: Permission denied
could not mount cdrom
hassos-boot
hassos-data
hassos-overlay
...
```
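
An added diagnostic (not part of the original post): run inside the add-on container, it reports whether `SYS_ADMIN` and `DAC_READ_SEARCH` are in the process's effective capability set, which AppArmor label confines the process, and whether the two devices from `config.yaml` appear as block devices. The function names are illustrative; the capability bit numbers come from `linux/capability.h`.

```sh
#!/bin/sh
# Added diagnostic, not from the original post. Run inside the add-on container.

# Capability bit numbers from linux/capability.h
CAP_DAC_READ_SEARCH=2
CAP_SYS_ADMIN=21

# Print the effective capability mask (hex) from a /proc/<pid>/status file.
capeff() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}"
}

# Succeed when bit $2 is set in hex mask $1.
cap_is_set() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Print the AppArmor label confining this process, or "unknown".
apparmor_label() {
    f="${1:-/proc/self/attr/current}"
    if [ -r "$f" ]; then
        tr -d '\0' < "$f" 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

diagnose() {
    mask="$(capeff 2>/dev/null || true)"
    echo "CapEff: ${mask:-unreadable}"
    for pair in "CAP_SYS_ADMIN:$CAP_SYS_ADMIN" "CAP_DAC_READ_SEARCH:$CAP_DAC_READ_SEARCH"; do
        if [ -n "$mask" ] && cap_is_set "$mask" "${pair#*:}"; then
            echo "  ${pair%%:*}: granted"
        else
            echo "  ${pair%%:*}: MISSING from effective set"
        fi
    done
    echo "AppArmor label: $(apparmor_label)"
    for dev in /dev/sr0 /dev/cdrom; do   # device paths from the post's config.yaml
        if [ -b "$dev" ]; then
            echo "  $dev: block device present"
        else
            echo "  $dev: not a block device in this container"
        fi
    done
    return 0
}

diagnose
```

If both capabilities show as granted and the devices are present, the AppArmor label names the profile whose mount rules apply to the container.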