Merged
11 changes: 9 additions & 2 deletions buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor
Expand Up @@ -11,6 +11,7 @@ set -e
# Init supervisor
SUPERVISOR_DATA=/mnt/data/supervisor
SUPERVISOR_STARTUP_MARKER="/run/supervisor/startup-marker"
SUPERVISOR_CIDFILE="${SUPERVISOR_DATA}/hassio_supervisor.cid"
SUPERVISOR_STARTSCRIPT_VERSION="/mnt/data/.hassos-supervisor-version"
SUPERVISOR_IMAGE="ghcr.io/home-assistant/${SUPERVISOR_ARCH}-hassio-supervisor"
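Review bot: the new SUPERVISOR_CIDFILE assignment places the CID file under the persistent ${SUPERVISOR_DATA} directory, while the neighbouring SUPERVISOR_STARTUP_MARKER lives under /run, and nothing documents why. A short comment stating that the file has to survive a reboot (or, if it does not, moving it under /run/supervisor) would make the choice reviewable.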

Expand Down Expand Up @@ -58,8 +59,8 @@ if [ -z "${SUPERVISOR_IMAGE_ID}" ]; then
docker tag "${SUPERVISOR_IMAGE}:${SUPERVISOR_VERSION}" "${SUPERVISOR_IMAGE}:latest"
else
# Pull failed, updater info might be corrupted or the release might have
# been removed from the container registry, delete the updater info
# to start from scratch on next try.
# been removed from the container registry, delete the updater info
# to start from scratch on next try.
echo "[ERROR] Supervisor download failed."
rm -f "${SUPERVISOR_DATA}/updater.json"
exit 1
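Review bot: the two comment lines in the pull-failure branch ("been removed from the container registry, ..." and "to start from scratch on next try.") appear on both sides with identical text, so this hunk is a whitespace-only change unrelated to the CID file. Consider moving it to its own commit so the functional change stays easy to audit.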
Expand Down Expand Up @@ -87,12 +88,18 @@ fi

# If Supervisor container is missing, create it
if [ -z "${SUPERVISOR_CONTAINER_ID}" ]; then
# We need to remove the CID file here, Docker will refuse to start if the
# file is present. Single instance is ensured by other code paths.
[ -f "${SUPERVISOR_CIDFILE}" ] && rm -f "${SUPERVISOR_CIDFILE}"

Comment on lines +91 to +94

🛠️ Refactor suggestion

⚠️ Potential issue

Creation will fail: bind-mounting a non-existent file while using --cidfile to create it

Docker requires the bind source to exist at create time; meanwhile, --cidfile refuses to write if the file already exists. Removing the file (Lines 91–94) and then attempting to bind it (Lines 101–102) in the same docker container create leads to “invalid mount config for type 'bind': bind source path does not exist.”

Fix by:

  • Pre-creating the file used as the bind source.
  • Using a separate temp file for --cidfile.
  • After create, move/copy the temp file’s content into the mounted file before start.

Apply within this block:

-    # We need to remove the CID file here, Docker will refuse to start if the
-    # file is present. Single instance is ensured by other code paths.
-    [ -f "${SUPERVISOR_CIDFILE}" ] && rm -f "${SUPERVISOR_CIDFILE}"
+    # Ensure bind source exists; keep a separate tmp for --cidfile.
+    mkdir -p "$(dirname "${SUPERVISOR_CIDFILE}")"
+    : > "${SUPERVISOR_CIDFILE}"
+    chmod 0644 "${SUPERVISOR_CIDFILE}" || true
+    [ -n "${SUPERVISOR_CIDFILE_TMP}" ] && rm -f "${SUPERVISOR_CIDFILE_TMP}"
-        --cidfile "${SUPERVISOR_CIDFILE}" \
+        --cidfile "${SUPERVISOR_CIDFILE_TMP}" \
         --mount type=bind,src="${SUPERVISOR_CIDFILE}",dst=/run/cid,readonly \
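Review bot: SUPERVISOR_CIDFILE_TMP is used in the `[ -n "${SUPERVISOR_CIDFILE_TMP}" ] && rm -f ...` line and in `--cidfile "${SUPERVISOR_CIDFILE_TMP}"`, but no line of this suggestion assigns it. If it were applied as shown, the variable would need a definition next to SUPERVISOR_CIDFILE at the top of the script, otherwise `--cidfile` receives an empty string.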

And insert right after the docker container create ... "${SUPERVISOR_IMAGE}:latest" line (before touching SUPERVISOR_STARTSCRIPT_VERSION):

+    # Populate the mounted CID file with the created container ID
+    if [ -s "${SUPERVISOR_CIDFILE_TMP}" ]; then
+        mv -f "${SUPERVISOR_CIDFILE_TMP}" "${SUPERVISOR_CIDFILE}"
+    else
+        echo "[ERROR] CID file was not written by Docker."
+        exit 1
+    fi

Optional: if you prefer not to replace the inode for the mounted file, use cat "${SUPERVISOR_CIDFILE_TMP}" > "${SUPERVISOR_CIDFILE}" && rm -f "${SUPERVISOR_CIDFILE_TMP}".

Also applies to: 101-102

🤖 Prompt for AI Agents
In buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor around lines
91–94, removing SUPERVISOR_CIDFILE before creating the container causes Docker
to fail because bind sources must exist at create time; instead pre-create the
mount target file and use a separate temporary file for --cidfile during
container create (e.g. SUPERVISOR_CIDFILE_TMP), then after the container is
created copy/move the temp file content into the mounted SUPERVISOR_CIDFILE
before starting the container (or use cat SUPERVISOR_CIDFILE_TMP >
SUPERVISOR_CIDFILE && rm -f SUPERVISOR_CIDFILE_TMP to avoid replacing the
inode).

echo "[INFO] Creating a new Supervisor container..."
# shellcheck disable=SC2086
docker container create \
--name hassio_supervisor \
--privileged --security-opt apparmor="hassio-supervisor" \
--oom-score-adj=-300 \
--cidfile "${SUPERVISOR_CIDFILE}" \
--mount type=bind,src="${SUPERVISOR_CIDFILE}",dst=/run/cid,readonly \
-v /run/docker.sock:/run/docker.sock:rw \
-v /run/containerd/containerd.sock:/run/containerd/containerd.sock:rw \
-v /run/systemd/journal/socket:/run/systemd/journal/socket:rw \
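Review bot: in the `[ -f "${SUPERVISOR_CIDFILE}" ] && rm -f "${SUPERVISOR_CIDFILE}"` line the `-f` test is redundant, because `rm -f` already succeeds when the file is absent; a plain `rm -f "${SUPERVISOR_CIDFILE}"` is enough. The comment above it says Docker will refuse to "start", but the path is handed to `--cidfile` on `docker container create`, so "create" would be the accurate word. Since the same path is also the `src` of the `/run/cid` bind mount, a one-line comment explaining why one file serves both roles would help the next reader.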