Skip to content

Update s6-overlay to 3.2.2.0 for Kubernetes non-root support #342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
morey-tech wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Update s6-overlay to 3.2.2.0 for Kubernetes non-root support #342

morey-tech wants to merge 4 commits into from

Conversation

@morey-tech
Copy link

@morey-tech morey-tech commented Dec 21, 2025
edited
Loading

Summary

Update s6-overlay from 3.1.6.2 to 3.2.2.0 to enable running Home Assistant containers as non-root in Kubernetes/OpenShift environments.

Problem

Home Assistant containers fail to start on OpenShift (and other Kubernetes distributions that enforce non-root) with:

s6-chown: fatal: unable to chown /run: Operation not permitted

OpenShift runs containers with random UIDs (e.g., uid=1000780000) that cannot chown directories.

Solution

s6-overlay v3.2.1.0 added:

"tolerance for unprivileged containers with suboptimal permissions in /run (which happens a lot in Kubernetes)"

This release introduces S6_YES_I_WANT_A_WORLD_WRITABLE_RUN_BECAUSE_KUBERNETES environment variable support that allows s6-overlay to boot with world-writable /run owned by uid 0.

References

@morey-tech
Update S6 overlay version to 3.2.1.0
8c57cd6 
s6-overlay v3.2.0 adds tolerance for unprivileged containers with world-writable /run, enabling containers to run as non-root in Kubernetes/OpenShift environments.

This adds support for the S6_YES_I_WANT_A_WORLD_WRITABLE_RUN_BECAUSE_KUBERNETES environment variable which allows s6-overlay to boot when /run is owned by uid 0 but the container runs as a different user.

Fixes running Home Assistant on OpenShift where containers are assigned random UIDs and cannot chown /run.

Ref: just-containers/s6-overlay#427
home-assistant[bot]
home-assistant bot previously requested changes Dec 21, 2025
View reviewed changes
Copy link

@home-assistant home-assistant bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @morey-tech

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

@home-assistant
Copy link

home-assistant bot commented Dec 21, 2025

Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍

Learn more about our pull request process.

@home-assistant home-assistant bot marked this pull request as draft December 21, 2025 21:56
@morey-tech morey-tech marked this pull request as ready for review December 21, 2025 21:58
@morey-tech morey-tech changed the title Update s6-overlay to v3.2.0.2 for Kubernetes non-root support Update s6-overlay to 3.2.1.0 for Kubernetes non-root support Dec 21, 2025
@agners
Copy link
Member

agners commented Feb 4, 2026

Probably the biggest change with jumping to the S6 overlay v3.2.x.x train is that the services no longer timeout, from the release notes:

It also removes the default service startup timeout, which was causing more problems than it was solving. (Now if you need to make your container fail when it hangs, you need to manually specify a timeout in the S6_CMD_WAIT_FOR_SERVICES_MAXTIME variable.

From the pre-v3.2.x.x README.md it seems that before the default timeout was 5000. I don't think that we typically need a timeout, the default change seems sensible to me. But something to keep in mind, and if required, we still can use S6_CMD_WAIT_FOR_SERVICES_MAXTIME=5000 to revert to the default behavior.

It seems that meanwhile another minor release got released.

@morey-tech can you update the PR accordingly?

@morey-tech morey-tech changed the title Update s6-overlay to 3.2.1.0 for Kubernetes non-root support Update s6-overlay to 3.2.2.0 for Kubernetes non-root support Feb 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@agners agners agners approved these changes

@home-assistant home-assistant[bot] home-assistant[bot] left review comments

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@morey-tech @agners