Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNS problems [solved by disabling apparmor] #497

Closed
straccio opened this issue Jun 6, 2018 · 17 comments
Closed

DNS problems [solved by disabling apparmor] #497

straccio opened this issue Jun 6, 2018 · 17 comments

Comments

@straccio
Copy link

straccio commented Jun 6, 2018

Good morning and good job.
I have installed hassio with docker on Ubuntu.
All work ok except the dns resolution of "homeassistant" container.

I tried to reinstall all the containers but I did not solve them

After some days digging in internet and looking for a solution in the sources... i have found the problem.
The hassio_supervisor container does not start socat for forward dns (but why you need a dns forwarder to docker dns instead use docker dns directly when launching homeassistant container?)

Running socat command manually or change homeassistant configuration in order to use directly 127.0.0.11 instead hassio_supervisior for dns resolution solve the problem

here some logs and info

$ docker --version
Docker version 17.12.0-ce, build c97c6d6
$ cat /etc/issue
Ubuntu 17.10 \n \l
$ docker images
REPOSITORY                               TAG                 IMAGE ID            CREATED             SIZE
homeassistant/qemux86-64-homeassistant   0.70.1              690b4c1aea5f        5 days ago          1.19GB
homeassistant/qemux86-64-homeassistant   latest              690b4c1aea5f        5 days ago          1.19GB
homeassistant/amd64-hassio-supervisor    105                 a3db136dfcae        7 days ago          129MB
homeassistant/amd64-hassio-supervisor    latest              a3db136dfcae        7 days ago          129MB
hassioaddons/influxdb-amd64              0.1.0               062066be9f4e        9 days ago          435MB
hassioaddons/influxdb-amd64              latest              062066be9f4e        9 days ago          435MB
hassioaddons/ide-amd64                   0.2.0               3d81fc0d19ef        3 weeks ago         331MB
hassioaddons/ide-amd64                   latest              3d81fc0d19ef        3 weeks ago         331MB
hassioaddons/shinobi-amd64               0.2.0               1787ba14db62        3 weeks ago         296MB
hassioaddons/shinobi-amd64               latest              1787ba14db62        3 weeks ago         296MB
hassioaddons/control-panel-amd64         1.1.0               138bb80dca5a        3 weeks ago         23.4MB
hassioaddons/control-panel-amd64         latest              138bb80dca5a        3 weeks ago         23.4MB
hassioaddons/aircast-amd64               0.4.0               7d21f00cf152        3 weeks ago         137MB
hassioaddons/aircast-amd64               latest              7d21f00cf152        3 weeks ago         137MB


$ docker exec -i -t hassio_supervisor cat /etc/resolv.conf
search newhome.lan
nameserver 127.0.0.11
options ndots:0
$ docker exec -i -t hassio_supervisor ping -c1 www.google.com
PING www.google.com (216.58.198.4): 56 data bytes
64 bytes from 216.58.198.4: seq=0 ttl=57 time=24.156 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 24.156/24.156/24.156 ms

$ docker exec -i -t homeassistant cat /etc/resolv.conf
nameserver 172.30.32.2
options ndots:0
$ docker exec -i -t homeassistant ping -c1 www.google.com
ping: bad address 'www.google.com'
18-06-06 09:53:19 INFO (MainThread) [__main__] Initialize Hassio setup
18-06-06 09:53:19 INFO (MainThread) [__main__] Setup HassIO
18-06-06 09:53:19 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.systemd1 on /org/freedesktop/systemd1
18-06-06 09:53:19 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error loading shared library libgio-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libgobject-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libglib-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libintl.so.8: Permission denied (needed by /usr/bin/gdbus)\nError relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied\nError relocating /usr/bin/gdbus: g_option_context_get_help: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_new_for_xml: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_checked_: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_description: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_main_entries: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_add_value: symbol not found\nError relocating /usr/bin/gdbus: g_string_new: symbol not found\nError relocating /usr/bin/gdbus: g_object_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_new_for_address_sync: symbol not found\nError relocating /usr/bin/gdbus: g_free: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_get_unique_name: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_of_type: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_subscribe: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_clear: symbol not found\nError relocating /usr/bin/gdbus: g_str_equal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_end: symbol not found\nError relocating /usr/bin/gdbus: g_print: symbol not found\nError relocating /usr/bin/gdbus: libintl_textdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_unref: symbol not found\nError relocating /usr/bin/gdbus: g_printerr: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_lookup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_dup_string: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_unref: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_group: symbol not found\nError relocating /usr/bin/gdbus: g_variant_print: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_summary: symbol not found\nError relocating /usr/bin/gdbus: g_list_sort: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_object_path: symbol not found\nError relocating /usr/bin/gdbus: g_set_error: symbol not found\nError relocating /usr/bin/gdbus: g_assertion_message_expr: symbol not found\nError relocating /usr/bin/gdbus: g_io_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_unique_name: symbol not found\nError relocating /usr/bin/gdbus: libintl_bind_textdomain_codeset: symbol not found\nError relocating /usr/bin/gdbus: g_string_free: symbol not found\nError relocating /usr/bin/gdbus: libintl_bindtextdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_flush_sync: symbol not found\nError relocating /usr/bin/gdbus: g_bus_get_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_init: symbol not found\nError relocating /usr/bin/gdbus: g_strcmp0: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref_sink: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_add: symbol not found\nError relocating /usr/bin/gdbus: g_strdup_printf: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_get_keys: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_unsubscribe: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_new_with_free_func: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_new_full: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_help_enabled: symbol not found\nError relocating /usr/bin/gdbus: g_source_remove: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_add_entries: symbol not found\nError relocating /usr/bin/gdbus: g_bus_watch_name_on_connection: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_peek_string: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_name: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_run: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_insert: symbol not found\nError relocating /usr/bin/gdbus: g_shell_parse_argv: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_call_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_free: symbol not found\nError relocating /usr/bin/gdbus: g_bus_unwatch_name: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_lookup_interface: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_next_value: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_parse: symbol not found\nError relocating /usr/bin/gdbus: g_list_free: symbol not found\nError relocating /usr/bin/gdbus: g_str_hash: symbol not found\nError relocating /usr/bin/gdbus: g_string_append: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_set_translation_domain: symbol not found\nError relocating /usr/bin/gdbus: g_main_context_iteration: symbol not found\nError relocating /usr/bin/gdbus: g_str_has_prefix: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_loop: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_interface_name: symbol not found\nError relocating /usr/bin/gdbus: g_variant_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_get: symbol not found\nError relocating /usr/bin/gdbus: g_strdup: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_emit_signal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_new: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_ignore_unknown_options: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_member_name: symbol not found\nError relocating /usr/bin/gdbus: g_path_get_basename: symbol not found\nError relocating /usr/bin/gdbus: g_timeout_add: symbol not found\nError relocating /usr/bin/gdbus: g_error_matches: symbol not found\nError relocating /usr/bin/gdbus: g_strndup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_get_string_length: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_interface_info_lookup_method: symbol not found\nError relocating /usr/bin/gdbus: g_string_append_len: symbol not found\nError relocating /usr/bin/gdbus: g_string_insert_c: symbol not found\nError relocating /usr/bin/gdbus: libintl_gettext: symbol not found\nError relocating /usr/bin/gdbus: g_error_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse_error_print_context: symbol not found\nError relocating /usr/bin/gdbus: g_ascii_table: symbol not found\nError relocating /usr/bin/gdbus: RELRO protection failed: Permission denied\n'
18-06-06 09:53:19 WARNING (MainThread) [hassio.dbus.systemd] Can't connect to systemd
18-06-06 09:53:19 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.hostname1 on /org/freedesktop/hostname1
18-06-06 09:53:19 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error loading shared library libgio-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libgobject-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libglib-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libintl.so.8: Permission denied (needed by /usr/bin/gdbus)\nError relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied\nError relocating /usr/bin/gdbus: g_option_context_get_help: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_new_for_xml: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_checked_: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_description: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_main_entries: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_add_value: symbol not found\nError relocating /usr/bin/gdbus: g_string_new: symbol not found\nError relocating /usr/bin/gdbus: g_object_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_new_for_address_sync: symbol not found\nError relocating /usr/bin/gdbus: g_free: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_get_unique_name: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_of_type: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_subscribe: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_clear: symbol not found\nError relocating /usr/bin/gdbus: g_str_equal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_end: symbol not found\nError relocating /usr/bin/gdbus: g_print: symbol not found\nError relocating /usr/bin/gdbus: libintl_textdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_unref: symbol not found\nError relocating /usr/bin/gdbus: g_printerr: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_lookup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_dup_string: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_unref: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_group: symbol not found\nError relocating /usr/bin/gdbus: g_variant_print: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_summary: symbol not found\nError relocating /usr/bin/gdbus: g_list_sort: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_object_path: symbol not found\nError relocating /usr/bin/gdbus: g_set_error: symbol not found\nError relocating /usr/bin/gdbus: g_assertion_message_expr: symbol not found\nError relocating /usr/bin/gdbus: g_io_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_unique_name: symbol not found\nError relocating /usr/bin/gdbus: libintl_bind_textdomain_codeset: symbol not found\nError relocating /usr/bin/gdbus: g_string_free: symbol not found\nError relocating /usr/bin/gdbus: libintl_bindtextdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_flush_sync: symbol not found\nError relocating /usr/bin/gdbus: g_bus_get_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_init: symbol not found\nError relocating /usr/bin/gdbus: g_strcmp0: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref_sink: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_add: symbol not found\nError relocating /usr/bin/gdbus: g_strdup_printf: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_get_keys: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_unsubscribe: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_new_with_free_func: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_new_full: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_help_enabled: symbol not found\nError relocating /usr/bin/gdbus: g_source_remove: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_add_entries: symbol not found\nError relocating /usr/bin/gdbus: g_bus_watch_name_on_connection: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_peek_string: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_name: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_run: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_insert: symbol not found\nError relocating /usr/bin/gdbus: g_shell_parse_argv: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_call_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_free: symbol not found\nError relocating /usr/bin/gdbus: g_bus_unwatch_name: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_lookup_interface: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_next_value: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_parse: symbol not found\nError relocating /usr/bin/gdbus: g_list_free: symbol not found\nError relocating /usr/bin/gdbus: g_str_hash: symbol not found\nError relocating /usr/bin/gdbus: g_string_append: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_set_translation_domain: symbol not found\nError relocating /usr/bin/gdbus: g_main_context_iteration: symbol not found\nError relocating /usr/bin/gdbus: g_str_has_prefix: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_loop: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_interface_name: symbol not found\nError relocating /usr/bin/gdbus: g_variant_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_get: symbol not found\nError relocating /usr/bin/gdbus: g_strdup: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_emit_signal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_new: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_ignore_unknown_options: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_member_name: symbol not found\nError relocating /usr/bin/gdbus: g_path_get_basename: symbol not found\nError relocating /usr/bin/gdbus: g_timeout_add: symbol not found\nError relocating /usr/bin/gdbus: g_error_matches: symbol not found\nError relocating /usr/bin/gdbus: g_strndup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_get_string_length: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_interface_info_lookup_method: symbol not found\nError relocating /usr/bin/gdbus: g_string_append_len: symbol not found\nError relocating /usr/bin/gdbus: g_string_insert_c: symbol not found\nError relocating /usr/bin/gdbus: libintl_gettext: symbol not found\nError relocating /usr/bin/gdbus: g_error_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse_error_print_context: symbol not found\nError relocating /usr/bin/gdbus: g_ascii_table: symbol not found\nError relocating /usr/bin/gdbus: RELRO protection failed: Permission denied\n'
18-06-06 09:53:19 WARNING (MainThread) [hassio.dbus.hostname] Can't connect to hostname
18-06-06 09:53:19 INFO (SyncWorker_0) [hassio.docker.supervisor] Attach to supervisor homeassistant/amd64-hassio-supervisor with version 105
18-06-06 09:53:19 INFO (SyncWorker_2) [hassio.docker.interface] Attach to image homeassistant/qemux86-64-homeassistant with version 0.70.1
18-06-06 09:53:19 INFO (MainThread) [hassio.addons.git] Load addon /data/addons/core repository
18-06-06 09:53:19 INFO (MainThread) [hassio.addons.git] Load addon /data/addons/git/a0d7b954 repository
18-06-06 09:53:19 INFO (MainThread) [hassio.addons] Load addons: 19 all - 19 new - 0 remove
18-06-06 09:53:19 INFO (SyncWorker_2) [hassio.docker.interface] Attach to image hassioaddons/shinobi-amd64 with version 0.2.0
18-06-06 09:53:19 INFO (SyncWorker_3) [hassio.docker.interface] Attach to image hassioaddons/influxdb-amd64 with version 0.1.0
18-06-06 09:53:19 INFO (SyncWorker_0) [hassio.docker.interface] Attach to image hassioaddons/ide-amd64 with version 0.2.0
18-06-06 09:53:19 INFO (SyncWorker_1) [hassio.docker.interface] Attach to image hassioaddons/aircast-amd64 with version 0.4.0
18-06-06 09:53:19 INFO (SyncWorker_4) [hassio.docker.interface] Attach to image hassioaddons/control-panel-amd64 with version 1.1.0
18-06-06 09:53:20 INFO (MainThread) [hassio.updater] Fetch update data from https://s3.amazonaws.com/hassio-version/stable.json
18-06-06 09:53:20 INFO (MainThread) [hassio.snapshots] Found 1 snapshot files
18-06-06 09:53:20 INFO (MainThread) [__main__] Run HassIO
18-06-06 09:53:20 INFO (MainThread) [hassio.misc.dns] Start DNS port forwarding for host add-ons
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Ignore Hass.io auto updates on dev channel
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Start API on 172.30.32.2
18-06-06 09:53:20 INFO (MainThread) [hassio.addons] Startup initialize run 0 addons
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Hass.io reboot detected
18-06-06 09:53:20 INFO (MainThread) [hassio.tasks] All core tasks are scheduled
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Hass.io is up and running
@straccio
Copy link
Author

straccio commented Jun 8, 2018

I think, one of the problem is apparmor ....

@straccio straccio changed the title DNS problems DNS problems [solved by disabling apparmor] Jun 8, 2018
@straccio
Copy link
Author

straccio commented Jun 8, 2018

I confirm that disabling apparmor on ubuntu host there are no problems

@pvizeli
Copy link
Member

pvizeli commented Jun 8, 2018

can you post the dmesg? So I can fix the profile.

@Diaoul
Copy link

Diaoul commented Jun 10, 2018

Is this related to #448? I can't run HassIO on RPi3 using the official image because of those DNS issues...

@straccio
Copy link
Author

Here the log

Jun  6 13:24:29 linux kernel: [157084.306926] audit: type=1400 audit(1528284269.005:327): apparmor="DENIED" operation="open" profile="hassio-supervisor" name="/" pid=8565 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.414486] audit: type=1400 audit(1528284271.112:328): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgio-2.0.so.0.5400.2" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.416052] audit: type=1400 audit(1528284271.113:329): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgobject-2.0.so.0.5400.2" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.416594] audit: type=1400 audit(1528284271.115:330): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libglib-2.0.so.0.5400.2" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.417064] audit: type=1400 audit(1528284271.115:331): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libintl.so.8.1.5" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.417568] audit: type=1400 audit(1528284271.116:332): apparmor="DENIED" operation="file_mprotect" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/300075db83bc64a29716165c15053287c7f0087b0df3c3b89aa3a17d870f28de/lib/ld-musl-x86_64.so.1" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.418920] audit: type=1400 audit(1528284271.117:333): apparmor="DENIED" operation="file_mprotect" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/bin/gdbus" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.442382] audit: type=1400 audit(1528284271.140:334): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgio-2.0.so.0.5400.2" pid=8669 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.442521] audit: type=1400 audit(1528284271.141:335): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgobject-2.0.so.0.5400.2" pid=8669 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.442621] audit: type=1400 audit(1528284271.141:336): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libglib-2.0.so.0.5400.2" pid=8669 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

@straccio
Copy link
Author

@Diaoul
try this command...

docker exec hassio_supervisor ps -ef

and check if there is a process named socat

PID   USER     TIME   COMMAND
    1 root       0:24 python3 -m hassio
   50 root       0:00 socat UDP-RECVFROM:53,fork UDP-SENDTO:127.0.0.11:53
   94 root       0:00 ps -ef

@Diaoul
Copy link

Diaoul commented Jun 11, 2018

There is no hassio_supervisor container:

# docker ps -a
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS                                            NAMES
d1416d6ced70        homeassistant/raspberrypi3-homeassistant   "python3 -m homeas..."   46 hours ago        Up 46 hours                                                          homeassistant
7feb4de6274e        homeassistant/armhf-addon-configurator     "/run.sh"                46 hours ago        Up 46 hours         0.0.0.0:3218->3218/tcp                           addon_core_configurator
de9978c144de        hassioaddons/appdaemon3-armhf              "/init"                  46 hours ago        Up 46 hours         0.0.0.0:5000->5000/tcp, 0.0.0.0:5050->5050/tcp   addon_a0d7b954_appdaemon3
49431abeb9d9        homeassistant/armhf-addon-ssh              "/run.sh"                2 days ago          Up 2 days           0.0.0.0:22->22/tcp                               addon_core_ssh
ac6e156d2290        homeassistant/armhf-addon-samba            "/usr/bin/entry.sh..."   2 days ago          Up 2 days                                                            addon_core_samba
af153a9e3658        homeassistant/armhf-addon-mosquitto        "/usr/bin/entry.sh..."   2 days ago          Up 2 days           0.0.0.0:1883->1883/tcp, 0.0.0.0:8883->8883/tcp   addon_core_mosquitto
1e474b627caf        homeassistant/armhf-hassio-supervisor      "python3 -m hassio"      2 days ago          Up 2 days                                                            resin_supervisor

Here is the result on resin_supervisor (I guess this was just renamed?):

# docker exec resin_supervisor ps -ef
PID   USER     TIME   COMMAND
    1 root      17:03 python3 -m hassio
   51 root       3:24 socat UDP-RECVFROM:53,fork UDP-SENDTO:127.0.0.11:53
16533 root       0:00 git cat-file --batch-check
28199 root       0:00 ps -ef

An internet DNS query:

# docker exec resin_supervisor nslookup www.google.fr     
nslookup: can't resolve '(null)': Name does not resolve

Name:      www.google.fr
Address 1: 172.217.22.131 par21s12-in-f3.1e100.net
Address 2: 2a00:1450:4007:815::2003 par21s12-in-x03.1e100.net

And a local DNS query just for fun:

# docker exec resin_supervisor nslookup xxx

nslookup: can't resolve '(null)': Name does not resolve
nslookup: can't resolve 'xxx': Name does not resolve

Here is the resolve.conf:

# docker exec resin_supervisor cat /etc/resolv.conf       
nameserver 127.0.0.11
options ndots:0

@pvizeli
Copy link
Member

pvizeli commented Jun 12, 2018

I fix the profile. If you rerun the installer, they should be done (for generic installation)

@straccio
Copy link
Author

straccio commented Jun 13, 2018

Perfect! Now it work!
The dns works but.. hassio_supervisor log tell

18-06-13 09:47:31 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.systemd1 on /org/freedesktop/systemd1
18-06-13 09:47:31 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error connecting: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)\n'
18-06-13 09:47:31 WARNING (MainThread) [hassio.dbus.systemd] Can't connect to systemd
18-06-13 09:47:31 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.hostname1 on /org/freedesktop/hostname1
18-06-13 09:47:31 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error connecting: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)\n'
18-06-13 09:47:31 WARNING (MainThread) [hassio.dbus.hostname] Can't connect to hostname

and the syslog

Jun 13 11:47:31 etabeta kernel: [   18.649656] audit: type=1107 audit(1528883251.551:20): pid=813 uid=107 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=1999 label="docker-default" peer_label="unconfined"
Jun 13 11:47:31 etabeta kernel: [   18.684422] audit: type=1107 audit(1528883251.586:21): pid=813 uid=107 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=2002 label="docker-default" peer_label="unconfined"

Thank you very much!

@Diaoul
Copy link

Diaoul commented Jun 13, 2018 via email

@pvizeli
Copy link
Member

pvizeli commented Jun 14, 2018

Only manual (generic) installation. We add support to supervisor to auto update the profile later in 1-2 weeks.

@pvizeli
Copy link
Member

pvizeli commented Jun 14, 2018

@straccio look like your system use the default docker for supervisor. Do you have use the installer?

@straccio
Copy link
Author

yes, with this command

curl -sL https://raw.githubusercontent.com/home-assistant/hassio-build/master/install/hassio_install | bash -s

@frenck
Copy link
Member

frenck commented Jun 29, 2018

create a file called /etc/docker/daemon.json

{
    "dns": ["192.168.25.25", "8.8.8.8", "8.8.4.4"]
}

P.s. the above case is my personal setting and contains a DNS server in my local network (the Pi-Hole add-on). Be sure to customize this matching your network.

Afterwards run:

service docker restart

@IngmarVerheij
Copy link

IngmarVerheij commented Jul 31, 2018

Can you tell me how you disabled apparmor?
Its blocking socat which is causing DNS issues from the homeassistant container.

@frenck
Copy link
Member

frenck commented Sep 20, 2018

This is no longer an issue, passing in manual DNS servers using a /etc/docker/daemon.json file fixes most of the cases.

Docker has fixed this in their project now and is awaiting a release of the next Docker version.

@Nixellion
Copy link

Did not work for me, I installed fresh docker version yesterday, and hass.io is updated to 0.86.4 and I still can't get DNS to work. I have to go into container and edit resolv.conf manually each time. I tried eidting daemon.json and restarting docker, restarting the whole server, still no luck.

Am I missing any steps? Do I have to reinstall hass container for it to update something?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants