Fix Bluetooth permission error with AmbientCapabilities and enhanced postinst
- Add AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN to systemd service files
- Add sensorpajen user to bluetooth group in postinst
- Improve setcap error handling in postinst with clearer messaging
- Add comprehensive troubleshooting section for Bluetooth permission errors

This fixes the 'Operation not permitted' error when the service tries to access Bluetooth hardware. The fix uses two layers of protection:
1. systemd AmbientCapabilities (modern, robust)
2. File capabilities via setcap (traditional, wider compatibility)
39
debian/README.md
vendored
@@ -287,16 +287,51 @@ Common issues:
|
||||
- sensors.json is empty
|
||||
- Bluetooth adapter not available
|
||||
|
||||
### Bluetooth Capability Not Set
|
||||
### Bluetooth Permission Error: "Operation not permitted"
|
||||
|
||||
If the service fails with `PermissionError: [Errno 1] Operation not permitted`:
|
||||
|
||||
```bash
|
||||
# Manually set capability
|
||||
# Check current capabilities
|
||||
getcap $(readlink -f /opt/sensorpajen/venv/bin/python3)
|
||||
# Should show: cap_net_admin,cap_net_raw+eip
|
||||
```
|
||||
|
||||
**Solution 1: Re-apply file capabilities** (Quick fix)
|
||||
|
||||
```bash
|
||||
# Set capabilities on Python executable
|
||||
sudo setcap cap_net_raw,cap_net_admin+eip $(readlink -f /opt/sensorpajen/venv/bin/python3)
|
||||
|
||||
# Verify
|
||||
getcap $(readlink -f /opt/sensorpajen/venv/bin/python3)
|
||||
|
||||
# Restart service
|
||||
sudo systemctl restart sensorpajen
|
||||
```
|
||||
|
||||
**Solution 2: Add user to bluetooth group**
|
||||
|
||||
```bash
|
||||
sudo usermod -aG bluetooth sensorpajen
|
||||
sudo systemctl restart sensorpajen
|
||||
```
|
||||
|
||||
**Solution 3: Verify systemd capabilities**
|
||||
|
||||
The service file uses `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` as a fallback. Verify it's configured:
|
||||
|
||||
```bash
|
||||
sudo systemctl cat sensorpajen | grep -A2 Capabilities
|
||||
```
|
||||
|
||||
**Why this happens**: File capabilities can be lost when:
|
||||
- Python is upgraded/reinstalled
|
||||
- Filesystem is mounted with `nosuid`
|
||||
- The venv is recreated
|
||||
|
||||
The systemd service now uses both `AmbientCapabilities` (modern approach) and file capabilities (setcap) for maximum compatibility.
|
||||
|
||||
## Development Workflow
|
||||
|
||||
### Making Changes
|
||||
|
||||
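Review bot: In Solution 1, `sudo setcap cap_net_raw,cap_net_admin+eip $(readlink -f /opt/sensorpajen/venv/bin/python3)` applies the capabilities to whatever `readlink -f` resolves to. When the venv's `python3` is a symlink to the distribution interpreter, that target is the system-wide Python binary, so every local user who can execute it gets CAP_NET_RAW and CAP_NET_ADMIN, not only the sensorpajen service. The README should state this, and should present the unit's `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` (Solution 3) as the primary fix, because it scopes the capabilities to the service process. The text is also inconsistent on this point: Solution 3 calls AmbientCapabilities "a fallback" while the closing paragraph calls it the "modern approach". If the setcap path is kept for compatibility, consider documenting a venv built with a copied interpreter (`python3 -m venv --copies`) so the capability lands on a private binary rather than the shared one.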