Jump to content

mljhbLZJEFBlbv

Validating
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Reputation Activity

  1. Like
    sr4armbian
    mljhbLZJEFBlbv got a reaction from sr4armbian in Armbian with preinstalled Home Assistant supervised   
    Sitrep / confirmed fix for “unhealthy: privileged” on Armbian Home Assistant Supervised
    After installing Home Assistant Supervised via Armbian on an Orange Pi 4 LTS, Supervisor was blocking add-on installation with:
    ‘AppManager.install’ blocked from execution, system is not healthy - privileged
    ha resolution info showed:
    unhealthy:
    privileged
    unsupported:
    os
    However Docker itself showed the Supervisor container was already privileged:
    docker inspect hassio_supervisor –format ‘{{.HostConfig.Privileged}}’
    Output:
    true
    So the problem was not Docker missing –privileged.
    The Supervisor log also showed:
    Not privileged to run udev monitor!
    I checked the Supervisor AppArmor profile:
    sudo grep -n ‘deny network raw’ /var/lib/homeassistant/apparmor/hassio-supervisor
    It returned:
    8:  deny network raw,
    70:    deny network raw,
    Removing those deny network raw, lines from the AppArmor profile, reloading the profile, and restarting Supervisor fixed it.
    Commands used:
    sudo cp -a /var/lib/homeassistant/apparmor/hassio-supervisor /root/hassio-supervisor.apparmor.bak.$(date +%Y%m%d-%H%M%S)
    sudo sed -i ‘/^[[:space:]]deny network raw,[[:space:]]$/d’ /var/lib/homeassistant/apparmor/hassio-supervisor
    sudo apparmor_parser -r /var/lib/homeassistant/apparmor/hassio-supervisor
    sudo docker restart hassio_supervisor
    After restart:
    ha resolution info
    ha supervisor info
    Now shows:
    unhealthy: []
    healthy: true
    unsupported:
    os
    supported: false
    I also tested the failing udev/netlink path directly:
    sudo docker exec hassio_supervisor python3 -c ‘import pyudev; pyudev.Monitor.from_netlink(pyudev.Context())’
    It returned silently with no error.
    Conclusion: on this install, the “privileged” unhealthy state was caused by AppArmor blocking raw netlink access via deny network raw, in the hassio-supervisor profile. Docker was already privileged. Removing that AppArmor deny rule fixed Supervisor health and cleared the add-on install blocker.
    The remaining unsupported: os warning is expected for Armbian/Supervised and is separate from the privileged health failure.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines

  I accept