From a1424bad6c0163e790129ade7a9784514d0bf89d Mon Sep 17 00:00:00 2001
From: Andrew Jackson <andrew@a-jackson.co.uk>
Date: Wed, 28 Feb 2024 23:18:34 +0000
Subject: [PATCH] Fix permission error accessing /run/secrets (#10097)

Checks that the service has read access to the directory before trying
to read it
---
 frigate/config.py | 2 +-
 frigate/plus.py   | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/frigate/config.py b/frigate/config.py
index 1f71fd7af..319b41f6e 100644
--- a/frigate/config.py
+++ b/frigate/config.py
@@ -50,7 +50,7 @@ DEFAULT_TIME_FORMAT = "%m/%d/%Y %H:%M:%S"
 
 FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE_")}
 # read docker secret files as env vars too
-if os.path.isdir("/run/secrets"):
+if os.path.isdir("/run/secrets") and os.access("/run/secrets", os.R_OK):
     for secret_file in os.listdir("/run/secrets"):
         if secret_file.startswith("FRIGATE_"):
             FRIGATE_ENV_VARS[secret_file] = Path(
diff --git a/frigate/plus.py b/frigate/plus.py
index 2e6144ce3..7c4564562 100644
--- a/frigate/plus.py
+++ b/frigate/plus.py
@@ -37,8 +37,10 @@ class PlusApi:
         self.key = None
         if PLUS_ENV_VAR in os.environ:
             self.key = os.environ.get(PLUS_ENV_VAR)
-        elif os.path.isdir("/run/secrets") and PLUS_ENV_VAR in os.listdir(
-            "/run/secrets"
+        elif (
+            os.path.isdir("/run/secrets")
+            and os.access("/run/secrets", os.R_OK)
+            and PLUS_ENV_VAR in os.listdir("/run/secrets")
         ):
             self.key = Path(os.path.join("/run/secrets", PLUS_ENV_VAR)).read_text()
         # check for the addon options file