diff --git a/.editorconfig b/.editorconfig old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/issue.bug.yml b/.github/ISSUE_TEMPLATE/issue.bug.yml old mode 100755 new mode 100644 diff --git a/.github/ISSUE_TEMPLATE/issue.feature.yml b/.github/ISSUE_TEMPLATE/issue.feature.yml old mode 100755 new mode 100644 diff --git a/.github/workflows/permissions.yml b/.github/workflows/permissions.yml old mode 100755 new mode 100644 diff --git a/README.md b/README.md index c978204..daf328c 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ In order to provide HA with access to the host's Bluetooth device, one needs to #### Docker Cli: ```bash ---cap-add=NET_ADMIN --cap-add=NET_RAW -v /var/run/dbus:/var/run/dbus:ro +--cap-add=NET_ADMIN --cap-add=NET_RAW -v /run/dbus:/run/dbus:ro ``` #### Docker Compose: @@ -86,9 +86,11 @@ In order to provide HA with access to the host's Bluetooth device, one needs to - NET_ADMIN - NET_RAW volumes: - - /var/run/dbus:/var/run/dbus:ro + - /run/dbus:/run/dbus:ro ``` +If the dbus path on host differs, such as `/var/run/dbus`, then you can map it as `/var/run/dbus:/run/dbus:ro`. + ### Using the Ping integration For the [Ping][ping0] integration to work, the capability `NET_RAW` must be added to the container. See above for instructions. @@ -316,6 +318,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **19.09.25:** - Add the necessary capabilities in the container to allow the unprivileged user access to bluetooth stack. * **03.01.25:** - Rebase to alpine 3.21. * **04.12.24:** - Make setcap target dynamic. * **07.11.24:** - Add go2rtc binary. diff --git a/readme-vars.yml b/readme-vars.yml index 3b2fa94..f2a279f 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -51,7 +51,7 @@ app_setup_block: | #### Docker Cli: ```bash - --cap-add=NET_ADMIN --cap-add=NET_RAW -v /var/run/dbus:/var/run/dbus:ro + --cap-add=NET_ADMIN --cap-add=NET_RAW -v /run/dbus:/run/dbus:ro ``` #### Docker Compose: @@ -60,9 +60,11 @@ app_setup_block: | - NET_ADMIN - NET_RAW volumes: - - /var/run/dbus:/var/run/dbus:ro + - /run/dbus:/run/dbus:ro ``` + If the dbus path on host differs, such as `/var/run/dbus`, then you can map it as `/var/run/dbus:/run/dbus:ro`. + ### Using the Ping integration For the [Ping][ping0] integration to work, the capability `NET_RAW` must be added to the container. See above for instructions. @@ -114,6 +116,7 @@ init_diagram: | "homeassistant:latest" <- Base Images # changelog changelogs: + - {date: "19.09.25:", desc: "Add the necessary capabilities in the container to allow the unprivileged user access to bluetooth stack."} - {date: "03.01.25:", desc: "Rebase to alpine 3.21."} - {date: "04.12.24:", desc: "Make setcap target dynamic."} - {date: "07.11.24:", desc: "Add go2rtc binary."} diff --git a/root/etc/s6-overlay/s6-rc.d/svc-homeassistant/run b/root/etc/s6-overlay/s6-rc.d/svc-homeassistant/run index 5c7690e..31afe7e 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-homeassistant/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-homeassistant/run @@ -3,7 +3,12 @@ PY_LOCAL_PATH=$(find /usr/local/lib -maxdepth 1 -name python* -type d) PY_LOCAL_BIN=$(basename "${PY_LOCAL_PATH}") -setcap 'cap_net_bind_service=+ep' "/usr/local/bin/${PY_LOCAL_BIN}" +if capsh --has-p=cap_net_admin 2>/dev/null && capsh --has-p=cap_net_raw 2>/dev/null; then + echo "Adding cap_net_admin and cap_net_raw to python binary for bt access" + setcap 'cap_net_bind_service,cap_net_raw,cap_net_admin=+ep' "/usr/local/bin/${PY_LOCAL_BIN}" +else + setcap 'cap_net_bind_service=+ep' "/usr/local/bin/${PY_LOCAL_BIN}" +fi if [[ -z "${DISABLE_JEMALLOC+x}" ]]; then export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"