Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Problem]: Rootless Docker not working #10690

Closed
thueske opened this issue Jan 9, 2022 · 4 comments
Closed

[Problem]: Rootless Docker not working #10690

thueske opened this issue Jan 9, 2022 · 4 comments
Labels
problem Something isn't working

Comments

@thueske
Copy link

thueske commented Jan 9, 2022
edited

What happened?

I tried running Zigbee2MQTT as a rootless Docker container. Unfortunately, the container does not start correctly because it does not have access to the corresponding Zigbee device.

What did you expect to happen?

I expected the container to start with no root privileges or errors.

How to reproduce it (minimal and precise)

Start the compose file:

version: "3.5"
services:
  bridge:
    image: koenkk/zigbee2mqtt
    restart: unless-stopped
    environment:
      - ZIGBEE2MQTT_CONFIG_MQTT_SERVER=mqtt://broker:1883
      - ZIGBEE2MQTT_CONFIG_FRONTEND_PORT=8080
      - ZIGBEE2MQTT_CONFIG_HOMEASSISTANT=true
      - TZ=Europe/Berlin
    volumes:
      - /run/udev:/run/udev:ro
    networks:
      default:
    group_add:
      - dialout
    user: 1000:1000
    devices:
      - /dev/ttyACM0

Zigbee2MQTT version

1.22.2

Adapter firmware version

0x26720700

Adapter

Conbee II

Debug log

Container:

/dev $ ls -lah
crw-rw----    1 root     dialout   166,   0 Jan  9 21:16 ttyACM0

/app $ test -w /dev/ttyACM0 && echo success || echo failure
failure

smarthome-bridge-1  | 2022-01-09T20:14:50.440720251Z Zigbee2MQTT:info  2022-01-09 21:14:50: Logging to console and directory: '/app/data/log/2022-01-09.21-14-35' filename: log.txt
smarthome-bridge-1  | 2022-01-09T20:14:50.626601810Z Zigbee2MQTT:info  2022-01-09 21:14:50: Starting Zigbee2MQTT version 1.22.2 (commit #414c51f)
smarthome-bridge-1  | 2022-01-09T20:14:50.647804760Z Zigbee2MQTT:info  2022-01-09 21:14:50: Starting zigbee-herdsman (0.13.188)
smarthome-bridge-1  | 2022-01-09T20:14:54.160397538Z CREATED DECONZ ADAPTER
smarthome-bridge-1  | 2022-01-09T20:14:54.228855177Z Zigbee2MQTT:error 2022-01-09 21:14:54: Error while starting zigbee-herdsman
smarthome-bridge-1  | 2022-01-09T20:14:54.239459861Z Zigbee2MQTT:error 2022-01-09 21:14:54: Failed to start zigbee
smarthome-bridge-1  | 2022-01-09T20:14:54.248763592Z Zigbee2MQTT:error 2022-01-09 21:14:54: Check https://www.zigbee2mqtt.io/guide/installation/20_zigbee2mqtt-fails-to-start.html for possible solutions
smarthome-bridge-1  | 2022-01-09T20:14:54.258128194Z Zigbee2MQTT:error 2022-01-09 21:14:54: Exiting...
smarthome-bridge-1  | 2022-01-09T20:14:54.981823885Z Zigbee2MQTT:error 2022-01-09 21:14:54: Error: Error while opening serialport 'Error: Error: Permission denied, cannot open /dev/ttyACM0'

Host-System:

➜  smarthome git:(master) l  /dev/ttyACM0
crw-rw---- 1 root dialout 166, 0 Jan  9 21:17 /dev/ttyACM0

➜  smarthome git:(master) id
uid=1000(bananapi) gid=1000(thueske) groups=1000(bananapi),5(tty),6(disk),20(dialout),27(sudo),29(audio),44(video),46(plugdev),60(games),100(users),102(systemd-journal),106(input),110(netdev),112(ssh),998(docker)

➜  smarthome git:(master) test -w /dev/ttyACM0 && echo success || echo failure
success
@thueske thueske added the problem Something isn't working label Jan 9, 2022
@ruifung
Copy link
Contributor

ruifung commented Jan 10, 2022
edited

I fail to see how this is a problem with Zigbee2MQTT
Isn't this more of a matter of you not configuring your docker container / permissions properly?

Like, if you want to run your container as nonroot, it's up to you to grant the container's effective UID permissions access to the serial port, like maybe by using ACLs.

You'll note that your user in the host system is a member of the dialout group. Which is likely what's granting it access.

@thueske
Copy link
Author

thueske commented Jan 10, 2022

Sorry, but I don't get your message. The permissions on the host system match as seen in the debug logs. Or did I miss something?

@thueske
Copy link
Author

thueske commented Jan 10, 2022
edited

It actually looks like the group is not set in the container. group_add does not work as described in the documentation.

docker/compose#8987 fixes this behaviour :)

@thueske thueske closed this as completed Jan 10, 2022
@jfcabral
Copy link

jfcabral commented Feb 5, 2022

Hello, I'm having the same issue as @thueske:

Permission denied, cannot open /dev/ttyACM0

In my case, I can confirm that the group_add is working just fine, so docker/compose#8987 seems to have fixed it 😄

After some troubleshooting and research on the web, I've found that my issue is actually caused due to this situation: moby/moby#43019 as I am running Docker daemon as a non-root user

So as @ruifung has mentioned, it's not really a problem of Zigbee2MQTT.

Until it gets fixed, I'll be using this guide https://www.xmodulo.com/change-usb-device-permission-linux.html to set the permissions of the device to 666 on boot, so that later Zigbee2MQTT can access it!

I am doing this reply as I believe it could be helpful for someone having the same issue.

For reference, my specs are:

  • Ubuntu 20.04.3 LTS
  • Linux arm-64 5.9.0
  • Docker version 20.10.12, build e91ed57
  • Docker Compose version v2.2.3
  • zigbee2mqtt 1.23.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
problem Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thueske @jfcabral @ruifung