DNS problems [solved by disabling apparmor]

[straccio]

Good morning and good job.
I have installed hassio with docker on Ubuntu.
All work ok except the dns resolution of "homeassistant" container.

I tried to reinstall all the containers but I did not solve them

After some days digging in internet and looking for a solution in the sources... i have found the problem.
The hassio_supervisor container does not start socat for forward dns (but why you need a dns forwarder to docker dns instead use docker dns directly when launching homeassistant container?)

Running socat command manually or change homeassistant configuration in order to use directly 127.0.0.11 instead hassio_supervisior for dns resolution solve the problem

here some logs and info

$ docker --version
Docker version 17.12.0-ce, build c97c6d6
$ cat /etc/issue
Ubuntu 17.10 \n \l
$ docker images
REPOSITORY                               TAG                 IMAGE ID            CREATED             SIZE
homeassistant/qemux86-64-homeassistant   0.70.1              690b4c1aea5f        5 days ago          1.19GB
homeassistant/qemux86-64-homeassistant   latest              690b4c1aea5f        5 days ago          1.19GB
homeassistant/amd64-hassio-supervisor    105                 a3db136dfcae        7 days ago          129MB
homeassistant/amd64-hassio-supervisor    latest              a3db136dfcae        7 days ago          129MB
hassioaddons/influxdb-amd64              0.1.0               062066be9f4e        9 days ago          435MB
hassioaddons/influxdb-amd64              latest              062066be9f4e        9 days ago          435MB
hassioaddons/ide-amd64                   0.2.0               3d81fc0d19ef        3 weeks ago         331MB
hassioaddons/ide-amd64                   latest              3d81fc0d19ef        3 weeks ago         331MB
hassioaddons/shinobi-amd64               0.2.0               1787ba14db62        3 weeks ago         296MB
hassioaddons/shinobi-amd64               latest              1787ba14db62        3 weeks ago         296MB
hassioaddons/control-panel-amd64         1.1.0               138bb80dca5a        3 weeks ago         23.4MB
hassioaddons/control-panel-amd64         latest              138bb80dca5a        3 weeks ago         23.4MB
hassioaddons/aircast-amd64               0.4.0               7d21f00cf152        3 weeks ago         137MB
hassioaddons/aircast-amd64               latest              7d21f00cf152        3 weeks ago         137MB


$ docker exec -i -t hassio_supervisor cat /etc/resolv.conf
search newhome.lan
nameserver 127.0.0.11
options ndots:0
$ docker exec -i -t hassio_supervisor ping -c1 www.google.com
PING www.google.com (216.58.198.4): 56 data bytes
64 bytes from 216.58.198.4: seq=0 ttl=57 time=24.156 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 24.156/24.156/24.156 ms

$ docker exec -i -t homeassistant cat /etc/resolv.conf
nameserver 172.30.32.2
options ndots:0
$ docker exec -i -t homeassistant ping -c1 www.google.com
ping: bad address 'www.google.com'

18-06-06 09:53:19 INFO (MainThread) [__main__] Initialize Hassio setup
18-06-06 09:53:19 INFO (MainThread) [__main__] Setup HassIO
18-06-06 09:53:19 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.systemd1 on /org/freedesktop/systemd1
18-06-06 09:53:19 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error loading shared library libgio-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libgobject-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libglib-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libintl.so.8: Permission denied (needed by /usr/bin/gdbus)\nError relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied\nError relocating /usr/bin/gdbus: g_option_context_get_help: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_new_for_xml: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_checked_: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_description: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_main_entries: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_add_value: symbol not found\nError relocating /usr/bin/gdbus: g_string_new: symbol not found\nError relocating /usr/bin/gdbus: g_object_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_new_for_address_sync: symbol not found\nError relocating /usr/bin/gdbus: g_free: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_get_unique_name: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_of_type: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_subscribe: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_clear: symbol not found\nError relocating /usr/bin/gdbus: g_str_equal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_end: symbol not found\nError relocating /usr/bin/gdbus: g_print: symbol not found\nError relocating /usr/bin/gdbus: libintl_textdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_unref: symbol not found\nError relocating /usr/bin/gdbus: g_printerr: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_lookup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_dup_string: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_unref: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_group: symbol not found\nError relocating /usr/bin/gdbus: g_variant_print: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_summary: symbol not found\nError relocating /usr/bin/gdbus: g_list_sort: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_object_path: symbol not found\nError relocating /usr/bin/gdbus: g_set_error: symbol not found\nError relocating /usr/bin/gdbus: g_assertion_message_expr: symbol not found\nError relocating /usr/bin/gdbus: g_io_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_unique_name: symbol not found\nError relocating /usr/bin/gdbus: libintl_bind_textdomain_codeset: symbol not found\nError relocating /usr/bin/gdbus: g_string_free: symbol not found\nError relocating /usr/bin/gdbus: libintl_bindtextdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_flush_sync: symbol not found\nError relocating /usr/bin/gdbus: g_bus_get_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_init: symbol not found\nError relocating /usr/bin/gdbus: g_strcmp0: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref_sink: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_add: symbol not found\nError relocating /usr/bin/gdbus: g_strdup_printf: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_get_keys: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_unsubscribe: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_new_with_free_func: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_new_full: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_help_enabled: symbol not found\nError relocating /usr/bin/gdbus: g_source_remove: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_add_entries: symbol not found\nError relocating /usr/bin/gdbus: g_bus_watch_name_on_connection: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_peek_string: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_name: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_run: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_insert: symbol not found\nError relocating /usr/bin/gdbus: g_shell_parse_argv: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_call_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_free: symbol not found\nError relocating /usr/bin/gdbus: g_bus_unwatch_name: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_lookup_interface: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_next_value: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_parse: symbol not found\nError relocating /usr/bin/gdbus: g_list_free: symbol not found\nError relocating /usr/bin/gdbus: g_str_hash: symbol not found\nError relocating /usr/bin/gdbus: g_string_append: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_set_translation_domain: symbol not found\nError relocating /usr/bin/gdbus: g_main_context_iteration: symbol not found\nError relocating /usr/bin/gdbus: g_str_has_prefix: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_loop: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_interface_name: symbol not found\nError relocating /usr/bin/gdbus: g_variant_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_get: symbol not found\nError relocating /usr/bin/gdbus: g_strdup: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_emit_signal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_new: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_ignore_unknown_options: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_member_name: symbol not found\nError relocating /usr/bin/gdbus: g_path_get_basename: symbol not found\nError relocating /usr/bin/gdbus: g_timeout_add: symbol not found\nError relocating /usr/bin/gdbus: g_error_matches: symbol not found\nError relocating /usr/bin/gdbus: g_strndup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_get_string_length: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_interface_info_lookup_method: symbol not found\nError relocating /usr/bin/gdbus: g_string_append_len: symbol not found\nError relocating /usr/bin/gdbus: g_string_insert_c: symbol not found\nError relocating /usr/bin/gdbus: libintl_gettext: symbol not found\nError relocating /usr/bin/gdbus: g_error_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse_error_print_context: symbol not found\nError relocating /usr/bin/gdbus: g_ascii_table: symbol not found\nError relocating /usr/bin/gdbus: RELRO protection failed: Permission denied\n'
18-06-06 09:53:19 WARNING (MainThread) [hassio.dbus.systemd] Can't connect to systemd
18-06-06 09:53:19 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.hostname1 on /org/freedesktop/hostname1
18-06-06 09:53:19 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error loading shared library libgio-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libgobject-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libglib-2.0.so.0: Permission denied (needed by /usr/bin/gdbus)\nError loading shared library libintl.so.8: Permission denied (needed by /usr/bin/gdbus)\nError relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied\nError relocating /usr/bin/gdbus: g_option_context_get_help: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_new_for_xml: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_checked_: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_description: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_main_entries: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_add_value: symbol not found\nError relocating /usr/bin/gdbus: g_string_new: symbol not found\nError relocating /usr/bin/gdbus: g_object_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_new_for_address_sync: symbol not found\nError relocating /usr/bin/gdbus: g_free: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_get_unique_name: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_of_type: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_subscribe: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_unref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_clear: symbol not found\nError relocating /usr/bin/gdbus: g_str_equal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_end: symbol not found\nError relocating /usr/bin/gdbus: g_print: symbol not found\nError relocating /usr/bin/gdbus: libintl_textdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_unref: symbol not found\nError relocating /usr/bin/gdbus: g_printerr: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_lookup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_dup_string: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_unref: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_add_group: symbol not found\nError relocating /usr/bin/gdbus: g_variant_print: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_summary: symbol not found\nError relocating /usr/bin/gdbus: g_list_sort: symbol not found\nError relocating /usr/bin/gdbus: g_variant_is_object_path: symbol not found\nError relocating /usr/bin/gdbus: g_set_error: symbol not found\nError relocating /usr/bin/gdbus: g_assertion_message_expr: symbol not found\nError relocating /usr/bin/gdbus: g_io_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_unique_name: symbol not found\nError relocating /usr/bin/gdbus: libintl_bind_textdomain_codeset: symbol not found\nError relocating /usr/bin/gdbus: g_string_free: symbol not found\nError relocating /usr/bin/gdbus: libintl_bindtextdomain: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_flush_sync: symbol not found\nError relocating /usr/bin/gdbus: g_bus_get_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_builder_init: symbol not found\nError relocating /usr/bin/gdbus: g_strcmp0: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref_sink: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_add: symbol not found\nError relocating /usr/bin/gdbus: g_strdup_printf: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_get_keys: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_signal_unsubscribe: symbol not found\nError relocating /usr/bin/gdbus: g_ptr_array_new_with_free_func: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_new_full: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_help_enabled: symbol not found\nError relocating /usr/bin/gdbus: g_source_remove: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_add_entries: symbol not found\nError relocating /usr/bin/gdbus: g_bus_watch_name_on_connection: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_peek_string: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_name: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_error_quark: symbol not found\nError relocating /usr/bin/gdbus: g_main_loop_run: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_insert: symbol not found\nError relocating /usr/bin/gdbus: g_shell_parse_argv: symbol not found\nError relocating /usr/bin/gdbus: g_hash_table_unref: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_call_sync: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_free: symbol not found\nError relocating /usr/bin/gdbus: g_bus_unwatch_name: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_node_info_lookup_interface: symbol not found\nError relocating /usr/bin/gdbus: g_variant_ref: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_next_value: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_parse: symbol not found\nError relocating /usr/bin/gdbus: g_list_free: symbol not found\nError relocating /usr/bin/gdbus: g_str_hash: symbol not found\nError relocating /usr/bin/gdbus: g_string_append: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_set_translation_domain: symbol not found\nError relocating /usr/bin/gdbus: g_main_context_iteration: symbol not found\nError relocating /usr/bin/gdbus: g_str_has_prefix: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_iter_loop: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_interface_name: symbol not found\nError relocating /usr/bin/gdbus: g_variant_new: symbol not found\nError relocating /usr/bin/gdbus: g_variant_get: symbol not found\nError relocating /usr/bin/gdbus: g_strdup: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_connection_emit_signal: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_new: symbol not found\nError relocating /usr/bin/gdbus: g_option_context_set_ignore_unknown_options: symbol not found\nError relocating /usr/bin/gdbus: g_option_group_new: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_is_member_name: symbol not found\nError relocating /usr/bin/gdbus: g_path_get_basename: symbol not found\nError relocating /usr/bin/gdbus: g_timeout_add: symbol not found\nError relocating /usr/bin/gdbus: g_error_matches: symbol not found\nError relocating /usr/bin/gdbus: g_strndup: symbol not found\nError relocating /usr/bin/gdbus: g_variant_type_get_string_length: symbol not found\nError relocating /usr/bin/gdbus: g_dbus_interface_info_lookup_method: symbol not found\nError relocating /usr/bin/gdbus: g_string_append_len: symbol not found\nError relocating /usr/bin/gdbus: g_string_insert_c: symbol not found\nError relocating /usr/bin/gdbus: libintl_gettext: symbol not found\nError relocating /usr/bin/gdbus: g_error_free: symbol not found\nError relocating /usr/bin/gdbus: g_variant_parse_error_print_context: symbol not found\nError relocating /usr/bin/gdbus: g_ascii_table: symbol not found\nError relocating /usr/bin/gdbus: RELRO protection failed: Permission denied\n'
18-06-06 09:53:19 WARNING (MainThread) [hassio.dbus.hostname] Can't connect to hostname
18-06-06 09:53:19 INFO (SyncWorker_0) [hassio.docker.supervisor] Attach to supervisor homeassistant/amd64-hassio-supervisor with version 105
18-06-06 09:53:19 INFO (SyncWorker_2) [hassio.docker.interface] Attach to image homeassistant/qemux86-64-homeassistant with version 0.70.1
18-06-06 09:53:19 INFO (MainThread) [hassio.addons.git] Load addon /data/addons/core repository
18-06-06 09:53:19 INFO (MainThread) [hassio.addons.git] Load addon /data/addons/git/a0d7b954 repository
18-06-06 09:53:19 INFO (MainThread) [hassio.addons] Load addons: 19 all - 19 new - 0 remove
18-06-06 09:53:19 INFO (SyncWorker_2) [hassio.docker.interface] Attach to image hassioaddons/shinobi-amd64 with version 0.2.0
18-06-06 09:53:19 INFO (SyncWorker_3) [hassio.docker.interface] Attach to image hassioaddons/influxdb-amd64 with version 0.1.0
18-06-06 09:53:19 INFO (SyncWorker_0) [hassio.docker.interface] Attach to image hassioaddons/ide-amd64 with version 0.2.0
18-06-06 09:53:19 INFO (SyncWorker_1) [hassio.docker.interface] Attach to image hassioaddons/aircast-amd64 with version 0.4.0
18-06-06 09:53:19 INFO (SyncWorker_4) [hassio.docker.interface] Attach to image hassioaddons/control-panel-amd64 with version 1.1.0
18-06-06 09:53:20 INFO (MainThread) [hassio.updater] Fetch update data from https://s3.amazonaws.com/hassio-version/stable.json
18-06-06 09:53:20 INFO (MainThread) [hassio.snapshots] Found 1 snapshot files
18-06-06 09:53:20 INFO (MainThread) [__main__] Run HassIO
18-06-06 09:53:20 INFO (MainThread) [hassio.misc.dns] Start DNS port forwarding for host add-ons
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Ignore Hass.io auto updates on dev channel
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Start API on 172.30.32.2
18-06-06 09:53:20 INFO (MainThread) [hassio.addons] Startup initialize run 0 addons
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Hass.io reboot detected
18-06-06 09:53:20 INFO (MainThread) [hassio.tasks] All core tasks are scheduled
18-06-06 09:53:20 INFO (MainThread) [hassio.core] Hass.io is up and running

[straccio]

I think, one of the problem is apparmor ....

[straccio]

I confirm that disabling apparmor on ubuntu host there are no problems

[pvizeli]

can you post the dmesg? So I can fix the profile.

[Diaoul]

Is this related to #448? I can't run HassIO on RPi3 using the official image because of those DNS issues...

[straccio]

Here the log

Jun  6 13:24:29 linux kernel: [157084.306926] audit: type=1400 audit(1528284269.005:327): apparmor="DENIED" operation="open" profile="hassio-supervisor" name="/" pid=8565 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.414486] audit: type=1400 audit(1528284271.112:328): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgio-2.0.so.0.5400.2" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.416052] audit: type=1400 audit(1528284271.113:329): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgobject-2.0.so.0.5400.2" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.416594] audit: type=1400 audit(1528284271.115:330): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libglib-2.0.so.0.5400.2" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.417064] audit: type=1400 audit(1528284271.115:331): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libintl.so.8.1.5" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.417568] audit: type=1400 audit(1528284271.116:332): apparmor="DENIED" operation="file_mprotect" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/300075db83bc64a29716165c15053287c7f0087b0df3c3b89aa3a17d870f28de/lib/ld-musl-x86_64.so.1" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.418920] audit: type=1400 audit(1528284271.117:333): apparmor="DENIED" operation="file_mprotect" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/bin/gdbus" pid=8668 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.442382] audit: type=1400 audit(1528284271.140:334): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgio-2.0.so.0.5400.2" pid=8669 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.442521] audit: type=1400 audit(1528284271.141:335): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libgobject-2.0.so.0.5400.2" pid=8669 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun  6 13:24:31 linux kernel: [157086.442621] audit: type=1400 audit(1528284271.141:336): apparmor="DENIED" operation="open" profile="hassio-supervisor///usr/bin/gdbus" name="/var/lib/docker/aufs/diff/a9ba9f867ff86e28d2c79b205d05130bd8031c554fc44e218c2c9e94f319384c/usr/lib/libglib-2.0.so.0.5400.2" pid=8669 comm="gdbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

[straccio]

@Diaoul
try this command...

docker exec hassio_supervisor ps -ef

and check if there is a process named socat

PID   USER     TIME   COMMAND
    1 root       0:24 python3 -m hassio
   50 root       0:00 socat UDP-RECVFROM:53,fork UDP-SENDTO:127.0.0.11:53
   94 root       0:00 ps -ef

[Diaoul]

There is no hassio_supervisor container:

# docker ps -a
CONTAINER ID        IMAGE                                      COMMAND                  CREATED             STATUS              PORTS                                            NAMES
d1416d6ced70        homeassistant/raspberrypi3-homeassistant   "python3 -m homeas..."   46 hours ago        Up 46 hours                                                          homeassistant
7feb4de6274e        homeassistant/armhf-addon-configurator     "/run.sh"                46 hours ago        Up 46 hours         0.0.0.0:3218->3218/tcp                           addon_core_configurator
de9978c144de        hassioaddons/appdaemon3-armhf              "/init"                  46 hours ago        Up 46 hours         0.0.0.0:5000->5000/tcp, 0.0.0.0:5050->5050/tcp   addon_a0d7b954_appdaemon3
49431abeb9d9        homeassistant/armhf-addon-ssh              "/run.sh"                2 days ago          Up 2 days           0.0.0.0:22->22/tcp                               addon_core_ssh
ac6e156d2290        homeassistant/armhf-addon-samba            "/usr/bin/entry.sh..."   2 days ago          Up 2 days                                                            addon_core_samba
af153a9e3658        homeassistant/armhf-addon-mosquitto        "/usr/bin/entry.sh..."   2 days ago          Up 2 days           0.0.0.0:1883->1883/tcp, 0.0.0.0:8883->8883/tcp   addon_core_mosquitto
1e474b627caf        homeassistant/armhf-hassio-supervisor      "python3 -m hassio"      2 days ago          Up 2 days                                                            resin_supervisor

Here is the result on resin_supervisor (I guess this was just renamed?):

# docker exec resin_supervisor ps -ef
PID   USER     TIME   COMMAND
    1 root      17:03 python3 -m hassio
   51 root       3:24 socat UDP-RECVFROM:53,fork UDP-SENDTO:127.0.0.11:53
16533 root       0:00 git cat-file --batch-check
28199 root       0:00 ps -ef

An internet DNS query:

# docker exec resin_supervisor nslookup www.google.fr     
nslookup: can't resolve '(null)': Name does not resolve

Name:      www.google.fr
Address 1: 172.217.22.131 par21s12-in-f3.1e100.net
Address 2: 2a00:1450:4007:815::2003 par21s12-in-x03.1e100.net

And a local DNS query just for fun:

# docker exec resin_supervisor nslookup xxx

nslookup: can't resolve '(null)': Name does not resolve
nslookup: can't resolve 'xxx': Name does not resolve

Here is the resolve.conf:

# docker exec resin_supervisor cat /etc/resolv.conf       
nameserver 127.0.0.11
options ndots:0

[pvizeli]

I fix the profile. If you rerun the installer, they should be done (for generic installation)

[straccio]

Perfect! Now it work!
The dns works but.. hassio_supervisor log tell

18-06-13 09:47:31 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.systemd1 on /org/freedesktop/systemd1
18-06-13 09:47:31 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error connecting: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)\n'
18-06-13 09:47:31 WARNING (MainThread) [hassio.dbus.systemd] Can't connect to systemd
18-06-13 09:47:31 INFO (MainThread) [hassio.utils.gdbus] Introspect org.freedesktop.hostname1 on /org/freedesktop/hostname1
18-06-13 09:47:31 ERROR (MainThread) [hassio.utils.gdbus] DBus return error: b'Error connecting: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)\n'
18-06-13 09:47:31 WARNING (MainThread) [hassio.dbus.hostname] Can't connect to hostname

and the syslog

Jun 13 11:47:31 etabeta kernel: [   18.649656] audit: type=1107 audit(1528883251.551:20): pid=813 uid=107 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=1999 label="docker-default" peer_label="unconfined"
Jun 13 11:47:31 etabeta kernel: [   18.684422] audit: type=1107 audit(1528883251.586:21): pid=813 uid=107 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=2002 label="docker-default" peer_label="unconfined"

Thank you very much!

[Diaoul]

Will this change be made available for hassio images on RPi or is it just for manual installs?

[pvizeli]

Only manual (generic) installation. We add support to supervisor to auto update the profile later in 1-2 weeks.

[pvizeli]

@straccio look like your system use the default docker for supervisor. Do you have use the installer?

[straccio]

yes, with this command

curl -sL https://raw.githubusercontent.com/home-assistant/hassio-build/master/install/hassio_install | bash -s

[frenck]

create a file called /etc/docker/daemon.json

{
    "dns": ["192.168.25.25", "8.8.8.8", "8.8.4.4"]
}

P.s. the above case is my personal setting and contains a DNS server in my local network (the Pi-Hole add-on). Be sure to customize this matching your network.

Afterwards run:

service docker restart

[IngmarVerheij]

Can you tell me how you disabled apparmor?
Its blocking socat which is causing DNS issues from the homeassistant container.

[frenck]

This is no longer an issue, passing in manual DNS servers using a /etc/docker/daemon.json file fixes most of the cases.

Docker has fixed this in their project now and is awaiting a release of the next Docker version.

[Nixellion]

Did not work for me, I installed fresh docker version yesterday, and hass.io is updated to 0.86.4 and I still can't get DNS to work. I have to go into container and edit resolv.conf manually each time. I tried eidting daemon.json and restarting docker, restarting the whole server, still no luck.

Am I missing any steps? Do I have to reinstall hass container for it to update something?