Lxd and homeassistant

Hello,

I am trying to install Home Assistant Supervised in an unprivileged docker container. Here is my config:

$ lxc config show homeassist
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bullseye amd64 (20220505_05:24)
  image.os: Debian
  image.release: bullseye
  image.serial: "20220505_05:24"
  image.type: squashfs
  image.variant: default
  security.nesting: "true"
  security.syscalls.intercept.bpf: "true"
  security.syscalls.intercept.bpf.devices: "true"
  security.syscalls.intercept.mknod: "true"
  security.syscalls.intercept.setxattr: "true"
  volatile.base_image: b208be834f26f653b7de529df7b2c4a8f9df6b7a3fe8a788aaf7b983b89b2a46
  volatile.cloud-init.instance-id: ce18ab0c-100a-4d1c-9286-b38b78ebe6b0
  volatile.eth0.host_name: veth10bae63c
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 0e1dab12-c9af-43d6-ab29-0468a9ed147d
devices:
  docker:
    path: /var/lib/docker
    pool: docker
    source: homeassist
    type: disk
ephemeral: false
profiles:
- vlan400profile
stateful: false
description: ""

The config was created following the tutorial Running Docker inside of a LXD container - YouTube

Unfortunately, docker throws up an error:


22-05-07 18:22:58 WARNING (MainThread) [supervisor.resolution.evaluations.base] AppArmor is required for Home Assistant. (more-info: https://www.home-assistant.io/more-info/unsupported/apparmor)
22-05-07 18:22:58 INFO (MainThread) [supervisor.resolution.evaluate] System evaluation complete
22-05-07 18:22:58 INFO (MainThread) [__main__] Setting up Supervisor
22-05-07 18:22:58 INFO (MainThread) [supervisor.api] Starting API on 172.30.32.2
22-05-07 18:22:58 CRITICAL (MainThread) [supervisor.hardware.monitor] Not privileged to run udev monitor!
22-05-07 18:22:58 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface io.hass.os
22-05-07 18:22:58 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface org.freedesktop.systemd1
22-05-07 18:22:58 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface org.freedesktop.login1
22-05-07 18:22:58 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface org.freedesktop.hostname1
22-05-07 18:22:58 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface org.freedesktop.timedate1
22-05-07 18:22:59 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface org.freedesktop.NetworkManager
22-05-07 18:22:59 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface de.pengutronix.rauc
22-05-07 18:22:59 WARNING (MainThread) [supervisor.dbus.manager] Can't load dbus interface de.pengutronix.rauc: The name de.pengutronix.rauc was not provided by any .service files
22-05-07 18:22:59 INFO (MainThread) [supervisor.dbus.manager] Load dbus interface org.freedesktop.resolve1
22-05-07 18:22:59 INFO (MainThread) [supervisor.host.info] Updating local host information
22-05-07 18:22:59 INFO (MainThread) [supervisor.host.services] Updating service information
22-05-07 18:22:59 INFO (MainThread) [supervisor.host.sound] Updating PulseAudio information
22-05-07 18:22:59 INFO (MainThread) [supervisor.host.manager] Host information reload completed
22-05-07 18:22:59 INFO (MainThread) [supervisor.host.network] Updating local network information
22-05-07 18:22:59 INFO (MainThread) [supervisor.host.apparmor] Loading AppArmor Profiles: {'hassio-supervisor'}
22-05-07 18:22:59 WARNING (MainThread) [supervisor.host.apparmor] AppArmor is not enabled on host
22-05-07 18:22:59 INFO (SyncWorker_1) [supervisor.docker.interface] Attaching to ghcr.io/home-assistant/amd64-hassio-cli with version 2022.05.0
22-05-07 18:22:59 INFO (MainThread) [supervisor.plugins.cli] Starting CLI plugin
22-05-07 18:22:59 INFO (SyncWorker_1) [supervisor.docker.interface] Cleaning hassio_cli application
22-05-07 18:23:00 ERROR (SyncWorker_1) [supervisor.docker] Can't start hassio_cli: 400 Client Error for http+docker://localhost/v1.41/containers/c076d7e6b95302e33fe5c5ef9ec5f7764da758d5a1791ebf649a674a3e052aa6/start: Bad Request ("failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/kernel/domainname: permission denied: unknown")
22-05-07 18:23:00 ERROR (MainThread) [supervisor.plugins.cli] Can't start cli plugin
22-05-07 18:23:00 INFO (SyncWorker_0) [supervisor.docker.interface] Attaching to ghcr.io/home-assistant/amd64-hassio-dns with version 2022.04.1
22-05-07 18:23:00 INFO (MainThread) [supervisor.plugins.dns] Starting CoreDNS plugin
22-05-07 18:23:00 INFO (SyncWorker_0) [supervisor.docker.interface] Cleaning hassio_dns application
22-05-07 18:23:00 INFO (SyncWorker_0) [supervisor.docker.dns] Starting DNS ghcr.io/home-assistant/amd64-hassio-dns with version 2022.04.1 - 172.30.32.3
22-05-07 18:23:00 INFO (MainThread) [supervisor.plugins.dns] Updated /etc/resolv.conf
22-05-07 18:23:00 INFO (SyncWorker_1) [supervisor.docker.interface] Attaching to ghcr.io/home-assistant/amd64-hassio-audio with version 2022.05.0
22-05-07 18:23:00 INFO (MainThread) [supervisor.plugins.audio] Starting Audio plugin
22-05-07 18:23:00 INFO (SyncWorker_1) [supervisor.docker.interface] Cleaning hassio_audio application
22-05-07 18:23:02 ERROR (SyncWorker_1) [supervisor.docker] Can't start hassio_audio: 400 Client Error for http+docker://localhost/v1.41/containers/bfec4d121762ee51e271a9a53dbc98d529a5c296d01d7ae4b1dc3bce19bcab69/start: Bad Request ("failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/kernel/domainname: permission denied: unknown")
22-05-07 18:23:02 ERROR (MainThread) [supervisor.plugins.audio] Can't start Audio plugin
22-05-07 18:23:02 INFO (SyncWorker_0) [supervisor.docker.interface] Attaching to ghcr.io/home-assistant/amd64-hassio-observer with version 2021.10.0
22-05-07 18:23:02 INFO (MainThread) [supervisor.plugins.observer] Starting observer plugin
22-05-07 18:23:02 INFO (SyncWorker_0) [supervisor.docker.interface] Cleaning hassio_observer application
22-05-07 18:23:03 ERROR (SyncWorker_0) [supervisor.docker] Can't start hassio_observer: 400 Client Error for http+docker://localhost/v1.41/containers/b47d90726da440ae42c454f0948bb70b5563c60d930c1b36c39cbdb0c67f8358/start: Bad Request ("failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/kernel/domainname: permission denied: unknown")
22-05-07 18:23:03 ERROR (MainThread) [supervisor.plugins.observer] Can't start observer plugin

Is it possible to get this going in lxd?

How exactly was the Docker container created/started?

I followed the official Home Assistant Supervised Installer as listed here.

Docker was installed using,
curl -fsSL get.docker.com | sh

@stgraber anything else you want to know?

I’m mostly wondering if the Docker container is using privileged mode or some other odd configuration.