Running bt-mqtt-gateway without sudo/root/setcap

[baurmatt]

Is your feature request related to a problem? Please describe. I like to run this program without sudo/root/setcap to better secure the program. This is currently not possible because running the program as an unprivileged user gives me the following error:

Mar 09 21:50:45 raspberrypi service.sh[27625]: 21:50:45 Starting
Mar 09 21:50:48 raspberrypi service.sh[27625]: 09:50:48 PM Fatal error while executing worker command: BTLEManagementError
Mar 09 21:50:48 raspberrypi service.sh[27625]: Traceback (most recent call last):
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "./gateway.py", line 107, in <module>
Mar 09 21:50:48 raspberrypi service.sh[27625]:     raise e
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "./gateway.py", line 89, in <module>
Mar 09 21:50:48 raspberrypi service.sh[27625]:     mqtt.publish(_WORKERS_QUEUE.get(timeout=10).execute())
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "/srv/bt-mqtt-gateway/workers_manager.py", line 58, in execute
Mar 09 21:50:48 raspberrypi service.sh[27625]:     messages = self._callback(*self._args)
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "/srv/bt-mqtt-gateway/workers/miscale.py", line 28, in status_update
Mar 09 21:50:48 raspberrypi service.sh[27625]:     results = self._get_data()
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "/srv/bt-mqtt-gateway/workers/miscale.py", line 108, in _get_data
Mar 09 21:50:48 raspberrypi service.sh[27625]:     scanner.scan(self.SCAN_TIMEOUT, passive=True)
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "/srv/bt-mqtt-gateway/.venv/lib/python3.7/site-packages/bluepy/btle.py", line 852, in scan
Mar 09 21:50:48 raspberrypi service.sh[27625]:     self.start(passive=passive)
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "/srv/bt-mqtt-gateway/.venv/lib/python3.7/site-packages/bluepy/btle.py", line 790, in start
Mar 09 21:50:48 raspberrypi service.sh[27625]:     self._mgmtCmd("le on")
Mar 09 21:50:48 raspberrypi service.sh[27625]:   File "/srv/bt-mqtt-gateway/.venv/lib/python3.7/site-packages/bluepy/btle.py", line 312, in _mgmtCmd
Mar 09 21:50:48 raspberrypi service.sh[27625]:     raise BTLEManagementError("Failed to execute management command '%s'" % (cmd), rsp)
Mar 09 21:50:48 raspberrypi service.sh[27625]: bluepy.btle.BTLEManagementError: Failed to execute management command 'le on' (code: 20, error: Permission Denied)

Describe the solution you'd like I like to run the program without sudo/root/setcap

Describe alternatives you've considered

sudo setcap 'cap_net_raw,cap_net_admin+eip' .venv/lib/python3.7/site-packages/bluepy/bluepy-helper

Works as a workaround and better than sudo/root.

Additional context I use the Mi Flora component in home assistant which also uses BLE. This works fine without sudo/root/setcap.

[bencorrado]

I am also running into this issue with Docker, which makes it more challenging to deal with.

For those using docker, use this command to use setcap for now

sudo docker run --cap-add=NET_ADMIN --cap-add=NET_RAW -d --name bt-mqtt-gateway --network=host -v $PWD/config.yaml:/config.yaml zewelor/bt-mqtt-gateway -D