| 8 Jul 2021 |
 @hexa:lossy.network | but yeah, allowlist_external_dirs is required for ReadWritePaths | 14:02:15 |
| @hexa:lossy.network | maybe you can check the resulting systemd unit, whether it includes that path? systemctl cat home-assistant.service | 14:02:34 |
 iclanzan | The unit does include the path. My setup is that I have a directory with images, and in response to MQTT messages a specific image is being assigned to a camera entity using the local_file.update_file_path service. | 14:11:44 |
| iclanzan | Your zwave fix works for me! | 14:14:17 |
| @hexa:lossy.network | iclanzan: can you try to access the file using sudo -u hass <cmd>? | 14:48:35 |
| @hexa:lossy.network | things like ls, stat | 14:48:42 |
| @hexa:lossy.network | so we can find out if this is indeed hardening related | 14:48:52 |
| iclanzan | Bingo... I am getting a permission denied. | 14:51:32 |
| iclanzan | I can ls the folder but not individual images inside it. | 14:52:16 |
| iclanzan | The images are owned by hass:hass and have permission 644 though | 14:52:42 |
| iclanzan | Interestingly random images under /nix/store are accessible by the home-assistant.service. Shouldn’t hardening prevent that? | 14:58:37 |
| iclanzan | Fixed my issue! The folder was missing the execute permission 🤦♂️ | 15:11:23 |
| @hexa:lossy.network | awesome :) | 15:33:09 |
| @hexa:lossy.network | these things happening, and I'm amazed by the hardening actually being very comfortable and not breaking many things | 15:33:29 |
| @hexa:lossy.network | while taking your home-assistant configuration into consideration, so it can get even tighter depending on your use case | 15:33:51 |
| iclanzan | Found another regression. My ffmpeg camera streams are missing audio, at least in the front-end. Testing the ffmpeg command manually does produce a stream with audio... | 15:50:26 |
| @hexa:lossy.network | can you link the relevant component? | 15:53:17 |
| iclanzan | camera = [
{
platform = "ffmpeg";
name = "foo";
input = "-i ${cameraUrl}";
}
];
# in lovelaceConfig
cards = [
{
type = "picture-glance";
title = "Some title";
entities = [];
camera_image = "camera.foo";
}
];
| 15:58:04 |
| iclanzan | Clicking on the card opens a popover with the video stream, but it is lacking audio (and the audio toggle icon is disabled). | 15:59:12 |
| @hexa:lossy.network | and that camera is a local /dev/something? | 16:14:04 |
| iclanzan | It's a http url | 16:23:40 |
| @hexa:lossy.network | uh, okay. not sure how hardening would be able to affect that. | 16:25:54 |
| @hexa:lossy.network | I have a setup at my parents house that is using 2021.5.5 and audio is still working for such a setup | 16:27:32 |
| iclanzan | Yeah, sorry. I didn't mean to imply that hardening made it regress. | 16:29:05 |
| @hexa:lossy.network | oh ok | 16:35:22 |
| 9 Jul 2021 |
| @hexa:lossy.network | if someone could look into https://github.com/NixOS/nixpkgs/pull/129644#issuecomment-877089208 | 12:13:44 |
| @hexa:lossy.network | * if someone could look into https://github.com/NixOS/nixpkgs/pull/129644#issuecomment-877089208, that would be super helpful | 12:15:36 |
| iclanzan | Found why there is no audio on my stream: https://github.com/home-assistant/core/pull/39906 | 13:51:37 |
| @hexa:lossy.network | you sure? that was merged last year | 13:53:19 |
| iclanzan | Yeah, I had changed my stream to be mpegts somewhere along the way but I assumed that the upgrade was to blame | 13:56:50 |
