Sitrep / confirmed fix for “unhealthy: privileged” on Armbian Home Assistant Supervised
After installing Home Assistant Supervised via Armbian on an Orange Pi 4 LTS, Supervisor was blocking add-on installation with:
‘AppManager.install’ blocked from execution, system is not healthy - privileged
ha resolution info showed:
unhealthy:
privileged
unsupported:
os
However Docker itself showed the Supervisor container was already privileged:
docker inspect hassio_supervisor –format ‘{{.HostConfig.Privileged}}’
Output:
true
So the problem was not Docker missing –privileged.
The Supervisor log also showed:
Not privileged to run udev monitor!
I checked the Supervisor AppArmor profile:
sudo grep -n ‘deny network raw’ /var/lib/homeassistant/apparmor/hassio-supervisor
It returned:
8: deny network raw,
70: deny network raw,
Removing those deny network raw, lines from the AppArmor profile, reloading the profile, and restarting Supervisor fixed it.
Commands used:
sudo cp -a /var/lib/homeassistant/apparmor/hassio-supervisor /root/hassio-supervisor.apparmor.bak.$(date +%Y%m%d-%H%M%S)
sudo sed -i ‘/^[[:space:]]deny network raw,[[:space:]]$/d’ /var/lib/homeassistant/apparmor/hassio-supervisor
sudo apparmor_parser -r /var/lib/homeassistant/apparmor/hassio-supervisor
sudo docker restart hassio_supervisor
After restart:
ha resolution info
ha supervisor info
Now shows:
unhealthy: []
healthy: true
unsupported:
os
supported: false
I also tested the failing udev/netlink path directly:
sudo docker exec hassio_supervisor python3 -c ‘import pyudev; pyudev.Monitor.from_netlink(pyudev.Context())’
It returned silently with no error.
Conclusion: on this install, the “privileged” unhealthy state was caused by AppArmor blocking raw netlink access via deny network raw, in the hassio-supervisor profile. Docker was already privileged. Removing that AppArmor deny rule fixed Supervisor health and cleared the add-on install blocker.
The remaining unsupported: os warning is expected for Armbian/Supervised and is separate from the privileged health failure.
