diff --git a/supervisor/const.py b/supervisor/const.py index 0cbfd4ed3..67db991b0 100644 --- a/supervisor/const.py +++ b/supervisor/const.py @@ -36,6 +36,11 @@ SOCKET_DBUS = Path("/run/dbus/system_bus_socket") DOCKER_NETWORK = "hassio" DOCKER_NETWORK_MASK = ip_network("172.30.32.0/23") DOCKER_NETWORK_RANGE = ip_network("172.30.33.0/24") +DOCKER_IMAGE_DENYLIST = [ + "containrrr/watchtower", + "pyouroboros/ouroboros", + "v2tec/watchtower", +] DNS_SUFFIX = "local.hass.io" diff --git a/supervisor/core.py b/supervisor/core.py index 2776c90cd..ba9f1e219 100644 --- a/supervisor/core.py +++ b/supervisor/core.py @@ -144,6 +144,11 @@ class Core(CoreSysAttributes): self.supported = False _LOGGER.error("Systemd DBUS is not connected") + # Check if image names from denylist exist + if await self.sys_run_in_executor(self.sys_docker.check_denylist_images): + self.coresys.supported = False + self.healthy = False + async def start(self): """Start Supervisor orchestration.""" self.state = CoreStates.STARTUP diff --git a/supervisor/docker/__init__.py b/supervisor/docker/__init__.py index 859d32504..dfc5b59ca 100644 --- a/supervisor/docker/__init__.py +++ b/supervisor/docker/__init__.py @@ -9,7 +9,7 @@ import attr import docker from packaging import version as pkg_version -from ..const import DNS_SUFFIX, SOCKET_DOCKER +from ..const import DNS_SUFFIX, DOCKER_IMAGE_DENYLIST, SOCKET_DOCKER from ..exceptions import DockerAPIError from .network import DockerNetwork @@ -232,3 +232,24 @@ class DockerAPI: _LOGGER.debug("Networks prune: %s", output) except docker.errors.APIError as err: _LOGGER.warning("Error for networks prune: %s", err) + + def check_denylist_images(self) -> bool: + """Return a boolean if the host has images in the denylist.""" + denied_images = set() + for image in self.images.list(): + for tag in image.tags: + image_name = tag.split(":")[0] + if ( + image_name in DOCKER_IMAGE_DENYLIST + and image_name not in denied_images + ): + denied_images.add(image_name) + + if not denied_images: + return False + + _LOGGER.error( + "Found images: '%s' which are not supported, remove these from the host!", + ", ".join(denied_images), + ) + return True