Hi, I wanted to try Home Assistant on my laptop in a Docker container, and the instructions here (Generic x86-64 - Home Assistant) specify using the --privileged option. Is it possible to remove this? Are there any plans to make it more secure so that it requires fewer privileges?
I don’t allow privileged access and HA works fine. But I also know how to map hardware resources into the container, and I also know how to recognize when that’s required. My HA install also runs on a server with practically no hardware resources installed on it.
If you don’t know how to give Docker access to your hardware resources, HA will be unable to find your USB serial devices, Bluetooth controllers, etc., so I presume that’s at least one reason why it’s required. The instructions are geared towards the common user who just wants HA to work, not someone who wants a hardened install. If the default instructions were to be very secure, then it would never work for most people. Many HA users are not Docker experts and just copy and paste what’s there.
The same reason is why host networking is required. It’s usually not recommended in most Docker deployments, but it’s required so HA can automatically discover any devices on your network (without a more complex solution), something most users want out of the box. For that reason, I do use host networking.
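The setup the reply describes (no privileged flag, hardware mapped in explicitly, host networking kept for discovery) could look like the Compose file below. This is an added example, not part of the thread or the Home Assistant instructions; the serial device path, the `./config` directory and the container name are assumptions to adapt to your host.

```yaml
# Added illustration: Home Assistant container without --privileged.
# Assumed values: /dev/ttyUSB0 (your adapter's path may differ), ./config, container name.
services:
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    restart: unless-stopped

    # Kept on purpose: the reply uses host networking so HA can
    # discover devices on the LAN automatically.
    network_mode: host

    # privileged: true   # the setting from the install instructions, dropped here.
    #                    # Privileged mode exposes every host device and all
    #                    # capabilities to the container.

    # Instead, pass through only the hardware HA actually needs.
    # With no USB radios or adapters attached, this section can be removed.
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0   # assumed: a USB serial adapter (e.g. Zigbee/Z-Wave stick)

    volumes:
      - ./config:/config
      - /etc/localtime:/etc/localtime:ro
      # Only if the Bluetooth integration is used: read-only access to the host D-Bus.
      # - /run/dbus:/run/dbus:ro

# Check after starting the container (run on the host):
#   docker inspect --format '{{.HostConfig.Privileged}}' homeassistant
# should print "false".
```

If a device is plugged in after the container starts, or its path changes between reboots, the mapping has to be updated and the container recreated; that maintenance is the trade-off against the privileged default.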