FS#70468 - Home-assistant 2021.4.4-2 fails with integrations like Roomba
Attached to Project:
Community Packages
Opened by Joel Sevilleja (jsevilleja) - Friday, 16 April 2021, 08:44 GMT
Last edited by Maxime Gauduin (Alucryd) - Friday, 13 August 2021, 14:17 GMT
Details
Description: Home-assistant fails with integrations like Roomba

Additional info:
* package version(s): 2021.4.4-2
* config and/or log files etc: Attached

Steps to reproduce: When trying to start the service, the integration can't be set up because async_dns tries to write into /.config (which doesn't exist, and doesn't have permission to).

Fix: edit systemd unit file, and add:
Environment=HOME=/var/lib/hass
WorkingDirectory=/var/lib/hass (maybe this one is unnecessary).

Kind regards,
Closed by Maxime Gauduin (Alucryd)
Friday, 13 August 2021, 14:17 GMT
Reason for closing: Fixed
Additional comments about closing: 2021.7.4-2
/etc/passwd has the users systemd-journal-remote, systemd-network, systemd-resolve, systemd-timesync, systemd-coredump, systemd-oom
/etc/group has the groups systemd-journal, systemd-journal-remote, systemd-network, systemd-resolve, systemd-timesync, systemd-coredump, systemd-oom
/etc/nsswitch.conf has
passwd: files systemd
group: files [SUCCESS=merge] systemd
"UID/GIDs are recycled after a unit is terminated. Care should be taken that any processes running as part of a unit for which dynamic users/groups are enabled do not leave files or directories owned by these users/groups around"
(https://www.freedesktop.org/software/systemd/man/systemd.exec.html)
It seems that systemd dynamic users are inappropriate for services that need to store any kind of state files across restarts. I think home-assistant should be migrated to a real user instead (with its home directory set to /var/lib/hass).
As for dynamic users, we are using them properly. I think you misunderstand what you quoted: care should be taken to not leave files _outside_ of specific directories. The StateDirectory stanza is designed to work alongside dynamic users and is chowned with every restart (and uid/gid reassigning).
Quoting systemd.exec as well: "Use StateDirectory=, CacheDirectory= and LogsDirectory= in order to assign a set of writable directories for specific purposes to the service in a way that they are protected from vulnerabilities due to UID reuse (see below)."
Thanks for clarifying the dynamic users. I missed the StateDirectory information when skimming the docs.
The newer releases with the HOME environment variable set have resolved the issues.
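
The check discussed in this thread, as an added example that is not part of the original report or the package: a small lint that flags a unit using DynamicUser= without a StateDirectory=, or with HOME pointing outside that state directory. The sample units, the StateDirectory=hass value and the ExecStart path are constructed assumptions, and the parser is simplified.

```shell
#!/bin/sh
# Added example: lint a unit file for the DynamicUser= pitfall in this report.
# Simplified parser: last "KEY=value" line wins, no quoting or drop-in handling.
unit_get() {  # usage: unit_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Prints findings; returns 0 if the unit is consistent, 1 otherwise.
check_unit() {
    unit=$1
    case "$(unit_get "$unit" DynamicUser)" in
        yes|true|on|1) ;;
        *) echo "$unit: static user, nothing to check"; return 0 ;;
    esac
    state=$(unit_get "$unit" StateDirectory)
    state=${state%% *}   # first directory name only
    if [ -z "$state" ]; then
        echo "$unit: FAIL DynamicUser= without StateDirectory="
        return 1
    fi
    home=$(unit_get "$unit" "Environment=HOME")
    case "$home" in
        "/var/lib/$state"|"/var/lib/$state"/*)
            echo "$unit: ok, HOME=$home is inside the state directory"; return 0 ;;
        "") echo "$unit: FAIL HOME not set, \$HOME/.config may resolve to /.config" ;;
        *)  echo "$unit: FAIL HOME=$home is outside /var/lib/$state" ;;
    esac
    return 1
}

# Constructed sample units (StateDirectory=hass and the ExecStart path are assumptions).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/before.service" <<'EOF'
[Service]
DynamicUser=yes
StateDirectory=hass
ExecStart=/usr/bin/example-daemon
EOF
cat > "$SAMPLES/after.service" <<'EOF'
[Service]
DynamicUser=yes
StateDirectory=hass
Environment=HOME=/var/lib/hass
WorkingDirectory=/var/lib/hass
ExecStart=/usr/bin/example-daemon
EOF
for u in "$SAMPLES"/*.service; do check_unit "$u" || true; done
```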