Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Mount Access Removed from Next Generation Hardware

See original GitHub issue

Describe the issue you are experiencing

The changes which deprecated access method devices:[“remote:local:rw”] in favor of devices:[“remote”], appear to have removed the ability to mount a drive without disabling protection mode.

In the event a user wishes to mount a drive, there certainly must be a way to do so from an addon without disabling protection mode.

What is the used version of the Supervisor?

supervisor-2021.02.06

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

What is the version of your installed operating system?

5.11

What version of Home Assistant Core is installed?

2021.02.03

Steps to reproduce the issue

Create and add-on with SYS_ADMIN permission
Add /dev/sda1 to config devices (replace with mmcblk0p1 if required)
Disable AppArmor, or add permissions to /dev/sda1
Start the addon
docker exec -it .... bash into the addon
Execute mkdir /tmp/1; mount /dev/sda1 /tmp/1;
Observe error message “are you root?”

Under old device, step 7 executes silently. Under next generation hardware, it fails.

Anything in the Supervisor logs that might be useful for us?

# Put your logs below this line

Issue Analytics

State:
Created 3 years ago
Comments:11 (6 by maintainers)

Top GitHub Comments

1reaction

pvizelicommented, Feb 13, 2021

Real-time permissions requests will not work here, but we could parse AppArmor directives to determine risky behavior and ask the user to confirm at first start of an addon, or to confirm upgrade.

Nice idea with AppArmor patching. Would love to see an PR for that. Anyway the only bug is describe above. Will look in the next weeks into a fix 👍

0reactions

adamoutlercommented, Feb 19, 2021

Parsing add-ons AppArmor to determine permissions. I did some initial work to lay out the initial creation here. https://community.home-assistant.io/t/add-on-permissions-system-coming-soon/282544 @pvizeli

Top Results From Across the Web

Forcepoint Next Generation Firewall 1U Hardware Guide

Forcepoint NGFW appliances support copper, fiber, and small form-factor pluggable (SFP) modules. Note: Do not remove any stickers from modules — they contain ......

Hardware-backed Keystore | Android Open Source Project

Access controls are specified during key generation and enforced for the lifetime of the key. Keys can be restricted to be usable only...

Next Generation Hardware Security - Kensington

Kensington provides USB security locks to ensure data can't be removed or malicious code added.

Replace a Drive on a PA-5200 Series Firewall

Place the failed drive next to the replacement drive with the connectors facing the same direction. Remove the four screws that hold the...

PA-400 Series Next-Gen Firewall Hardware Reference

To use the private-data-reset command, you must access the firewall CLI and enter the command request system private-data-reset. This command ...