From ddd137a2e98a094754182d4141da4ec89a391c54 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 19 Sep 2023 10:44:34 -0500
Subject: [PATCH] frigate: Manage state dir with tmpfiles.d

Since *frigate.service* runs as root, the directories created by `StateDirectory` are owned by root. The processes inside the container, therefore, cannot access them. Thus, we have to use `systemd-tmpfiles` to create the state directories with the appropriate permissions.
---
 frigate.container | 3 +--
 frigate.sysusers | 2 ++
 frigate.tmpfiles | 4 ++++
 frigate.yaml | 8 ++++++++
 4 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 frigate.sysusers
 create mode 100644 frigate.tmpfiles
diff --git a/frigate.container b/frigate.container
index 15f4ffe..736a249 100644
--- a/frigate.container
+++ b/frigate.container
@@ -12,14 +12,13 @@ PodmanArgs=--gidmap 0:209:1
 PodmanArgs=--uidmap 1:6000001:65536
 PodmanArgs=--gidmap 1:6000001:65536
 PodmanArgs=--shm-size 256m
-Volume=/var/lib/frigate:/media/frigate:rw,z
+Volume=/var/lib/frigate/media:/media/frigate:rw,z
 Volume=/var/lib/frigate/tmp:/tmp:rw,z
 Volume=/var/lib/frigate/config:/config:rw,z
 AddDevice=/dev/apex_0
 Network=host
 [Service]
-StateDirectory=%N/tmp %N/config
 PrivateTmp=yes
 ProtectSystem=full
 TemporaryFileSystem=/etc/containers/networks
diff --git a/frigate.sysusers b/frigate.sysusers
new file mode 100644
index 0000000..35c365e
--- /dev/null
+++ b/frigate.sysusers
@@ -0,0 +1,2 @@
+g frigate 209
+u frigate 209:209 "Frigate" /var/lib/frigate /sbin/nologin
diff --git a/frigate.tmpfiles b/frigate.tmpfiles
new file mode 100644
index 0000000..eed5577
--- /dev/null
+++ b/frigate.tmpfiles
@@ -0,0 +1,4 @@
+d /var/lib/frigate 0755 frigate frigate
+d /var/lib/frigate/config 0755 frigate frigate
+d /var/lib/frigate/media 0755 frigate frigate
+d /var/lib/frigate/tmp 0755 frigate frigate
diff --git a/frigate.yaml b/frigate.yaml
index a2c4183..3b8a270 100644
--- a/frigate.yaml
+++ b/frigate.yaml
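Review bot: The numeric ID 209 in frigate.sysusers is load-bearing but nothing in the file says so. frigate.container maps it to container ID 0 through `PodmanArgs=--gidmap 0:209:1` (the matching uidmap line is presumably just above the visible hunk), while frigate.tmpfiles refers to the account only by name. If 209 is already allocated on a host, systemd-sysusers may, as far as I know, fall back to a different ID, and the state directories would then be owned by an ID that container root does not map to. A comment at the top of the file would make the coupling explicit, for example `# UID/GID 209 must match the 0:209:1 --uidmap/--gidmap entries in frigate.container`.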
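Review bot: All four `d` lines in frigate.tmpfiles create the state directories with mode 0755, so every local account on the host can traverse and list /var/lib/frigate/config and /var/lib/frigate/media. For an NVR that likely exposes camera stream credentials in the configuration and the recordings themselves to any other local user or compromised service, depending on the file modes the container writes. Unless something outside this patch needs read access, tighten the modes, e.g. `d /var/lib/frigate/config 0750 frigate frigate` (or 0700); the owner is the ID that the `--gidmap 0:209:1` context line suggests is container root, so the container should keep access. Also note that `d` does not recurse, so content created root-owned under the old `StateDirectory=` setting keeps its previous owner unless it is fixed separately.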
@@ -7,6 +7,14 @@ storage:
 mode: 0644
 contents:
 local: frigate.container
+ - path: /etc/sysusers.d/frigate.conf
+ mode: 0644
+ contents:
+ local: frigate.sysusers
+ - path: /etc/tmpfiles.d/frigate.conf
+ mode: 0644
+ contents:
+ local: frigate.tmpfiles
 systemd:
 units: