Hello everyone!
I’m trying to modify the Home Assitant image to grant python some permissions.
So I’ve created a script named python-permissions in /config/custom-cont-init.d
#!/bin/bash
echo "***** changing python permissions *****"
setcap 'cap_net_raw,cap_net_admin+eip' `readlink -f \`which python3\``
getcap `readlink -f \`which python3\``
The script is found and seems to be executed correctly.
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 50-config: executing...
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-usb-gid: executing...
[cont-init.d] 60-usb-gid: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] files found in /config/custom-cont-init.d executing
[custom-init] python-permissions: executing...
***** changing python permissions *****
/usr/bin/python3.9 cap_net_admin,cap_net_raw=eip
[custom-init] python-permissions: exited 0
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
As you can see, the getcap command here returns what I would expect. But when I exec into the container that same command gives another result.
pi@raspberrypi:~/docker $ docker exec -it homeassistant bash
root@raspberrypi:/# getcap `readlink -f \`which python3\``
/usr/bin/python3.9 cap_net_bind_service=ep
root@raspberrypi:/# ls
app config dev etc init libexec mnt pip-packages root sbin sys usr
bin defaults docker-mods home lib media opt proc run srv tmp var
root@raspberrypi:/#
I must be missing something…
Can someone help with this please?
Thanks!