пре 1 година · e5633b5044
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
				 ### Changed
			
 
				 - TLS now enabled by default (disable via `--mqtt-disable-tls`)
			
 
				 - require `PySwitchbot>=0.14.0,<0.41` instead of `PySwitchbot>=0.10.0,<0.13`
			
 
				+- switchbot-mqtt now requires access to the D-Bus' system socket
			
 
				+  `/var/run/dbus/system_bus_socket`
			
 
				+  as `bleak` controls bluetooth via BlueZ over D-Bus.
			
 
				+  access to network namespace containing bluetooth interface is thus
			
 
				+  no longer required.
			
 
				 - `--fetch-device-info` no longer requires `CAP_NET_ADMIN`
			
 
				   (bluepy-helper replaced with bleak)
			
 
				 - replaced [paho-mqtt](https://github.com/eclipse/paho.mqtt.python)
			
--- a/README.md
+++ b/README.md
@@ -116,21 +116,18 @@ When disconnecting (graceful shutdown or unexpected loss of connection), `offlin
 
				 
			
 
				 Why not use the official [SwitchBot integration](https://www.home-assistant.io/integrations/switchbot/)?
			
 
				 
			
 
				-I prefer not to share the host's **network stack** with home assistant
			
 
				+Older versions of pySwitchbot (before bleak replaced bluepy) required access to the host's **network stack**.
			
 
				+I prefer not to share the host's network stack with home assistant's container
			
 
				 (more complicated network setup
			
 
				 and additional [netfilter](https://en.wikipedia.org/wiki/Netfilter) rules required for isolation).
			
 
				 
			
 
				 Sadly, `docker run --network host` even requires `--userns host`:
			
 
				 > docker: Error response from daemon: cannot share the host's network namespace when user namespaces are enabled.
			
 
				 
			
 
				-The docker image built from this repository works around this limitation
			
 
				-by explicitly running as an **unprivileged user**.
			
 
				-
			
 
				 The [official home assistant image](https://hub.docker.com/r/homeassistant/home-assistant)
			
 
				 runs as `root`.
			
 
				 This imposes an unnecessary security risk, especially when disabling user namespace remapping
			
 
				 (`--userns host`).
			
 
				-See https://github.com/fphammerle/docker-home-assistant for an alternative.
			
 
				 
			
 
				 ### Setup
			
 
				 
			
@@ -166,7 +163,8 @@ Annotation of signed tags `docker/*` contains docker image digests: https://gith
 
				 ```sh
			
 
				 $ docker build -t switchbot-mqtt .
			
 
				 $ docker run --name spelunca_switchbot \
			
 
				-    --userns host --network host \
			
 
				+    --userns host \
			
 
				+    -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
			
 
				     switchbot-mqtt:latest \
			
 
				     switchbot-mqtt --mqtt-host HOSTNAME_OR_IP_ADDRESS
			
 
				 ```
			
@@ -179,7 +177,6 @@ services:
 
				   switchbot-mqtt:
			
 
				     image: switchbot-mqtt
			
 
				     container_name: switchbot-mqtt
			
 
				-    network_mode: host
			
 
				     userns_mode: host
			
 
				     environment:
			
 
				     - MQTT_HOST=localhost
			
@@ -187,6 +184,8 @@ services:
 
				     #- MQTT_USERNAME=username
			
 
				     #- MQTT_PASSWORD=password
			
 
				     #- FETCH_DEVICE_INFO=yes
			
 
				+    volumes:
			
 
				+    - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
			
 
				     restart: unless-stopped
			
 
				 ```