Handle WireGuard sysctl failure on read-only hosts

2026-01-09 09:21:03 +01:00 · 2025-12-22 08:53:18 +01:00
parent 2be8099804
commit c972094f59
3 changed files with 15 additions and 1 deletions
--- a/qbittorrent/CHANGELOG.md
+++ b/qbittorrent/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 5.1.4-4 (30-12-2025)
+- Allow WireGuard to continue when src_valid_mark sysctl cannot be set on read-only hosts
+
 ## 5.1.4-3 (22-12-2025)
 - Minor bugs fixed

--- a/qbittorrent/config.yaml
+++ b/qbittorrent/config.yaml
@@ -144,4 +144,4 @@ schema:
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: 5.1.4-3
+version: 5.1.4-4
--- a/qbittorrent/rootfs/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run
+++ b/qbittorrent/rootfs/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run
@@ -55,6 +55,17 @@ _setup_wireguard() {

        if [ "${status}" -eq 0 ]; then return 0; fi

+        # Allow sysctl failures on read-only hosts while keeping the interface up
+        if echo "${output}" | grep -qi 'net\.ipv4\.conf\.all\.src_valid_mark=1'; then
+            if echo "${output}" | grep -qiE 'read-only file system|operation not permitted'; then
+                if ip link show "${wireguard_interface}" >/dev/null 2>&1; then
+                    bashio::log.warning 'WireGuard applied but sysctl net.ipv4.conf.all.src_valid_mark=1 could not be set (read-only). Continuing.'
+                    status=0
+                    return 0
+                fi
+            fi
+        fi
+
        # Check for iptables errors and try legacy fallback
        if echo "${output}" | grep -qiE 'iptables-restore|ip6tables-restore|xtables'; then
            if command -v iptables-legacy >/dev/null 2>&1; then