Adguardhome: cannot read/write external/mounted drive

mangkoran · March 6, 2026, 2:58pm

I encountered somewhat similar issue with Adguard-home cannot read certs on usbkey . I configured my AGH so statistics, querylog, and log (syslog) are saved in USB drive (/mnt/sda1).

...
querylog:
  dir_path: /mnt/sda1/adguardhome/querylog
  ignored: []
  interval: 168h
  size_memory: 1000
  enabled: true
...
statistics:
  dir_path: /mnt/sda1/adguardhome/statistics
  ignored: []
  interval: 168h
  enabled: true
...
log:
  enabled: true
  file: /mnt/sda1/adguardhome/syslog/syslog
  max_backups: 0
  max_size: 10
  max_age: 7
  compress: true
  local_time: true
  verbose: true
...

Previously it worked fine. But after I upgraded my Flint 2 from 24.10.5 to 25.12.0 AGH seems cannot read/write to external/mounted drive.

[Mar 6, 2026, 2:49:22 PM GMT+7] user.notice: AdGuardHome[1]: 2026/03/06 07:49:22.933698 1#1 [fatal] statistics: custom directory: stat /mnt/sda1/adguardhome/statistics: no such file or directory

As mentioned in linked topic, it seems this is related to ujail as it’s now used to run AGH unprivileged https://github.com/openwrt/packages/pull/26225

frollic · March 6, 2026, 2:59pm

the solution to the problem is most likely in the thread you linked to, why exactly are you posting ?

mangkoran · March 6, 2026, 3:02pm

Sorry I havent seen the new reply. Is the jail_mount read-only or read-write? I saw the default config mentioned the jail_mount is read-only https://github.com/openwrt/packages/blob/f9c6661a755a422c9001cb77b33b9e4bca4fab4a/net/adguardhome/files/adguardhome.config#L9.

# Files and directories that AdGuard Home has read-only access to

I need AGH to be able to read-write /mnt/sda1/adguardhome directory.

frollic · March 6, 2026, 3:03pm

since there's no R nor RW option specified in list jail_mount '/mnt/sda1/certs/cert.crt', what do you think ?

mangkoran · March 6, 2026, 3:04pm

Based on the comment in the default config, I guess it’s read-only. Please CMIIW.

frollic · March 6, 2026, 3:05pm

trial and error.

mangkoran · March 6, 2026, 3:14pm

Updated my AGH config and rebooted my router.

root@OpenWrt:~# cat /etc/config/adguardhome
config adguardhome 'config'
        option workdir '/var/adguardhome'
        option config_file '/etc/adguardhome/adguardhome.yaml'
        list jail_mount '/mnt/sda1/adguardhome'

But AGH still cannot read-write the path. It seems the jail mount is indeed read-only

[Mar 6, 2026, 10:09:50 PM GMT+7] user.notice: AdGuardHome[1]: 2026/03/06 15:09:50.774343 1#1 [fatal] init stats: opening database: open /mnt/sda1/adguardhome/statistics/stats.db: read-only file system

frollic · March 6, 2026, 3:19pm

Permissions on /mnt and/or mount point folders ?

mangkoran · March 6, 2026, 3:20pm

The directory has been recursively chown’ed to adguardhome user and group.

root@OpenWrt:~# ls -la /mnt/sda1/adguardhome/
drwxrwxrwx    5 adguardhome adguardhome      4096 Mar  6 14:42 .
drwxr-xr-x    4 root     root          4096 Mar  6 14:39 ..
drwxrwxrwx    2 adguardhome adguardhome      4096 Mar  6 14:41 querylog
drwxrwxrwx    2 adguardhome adguardhome      4096 Mar  6 14:40 statistics
drwxrwxrwx    2 adguardhome adguardhome      4096 Mar  6 14:42 syslog

The drive has been mounted as rw as well.

root@OpenWrt:~# cat /proc/mounts | grep sda1
/dev/sda1 /mnt/sda1 ext4 rw,relatime 0 0

Dante · March 6, 2026, 3:30pm

There's no jail_mount_rw config option at the moment. I'll add this when I have time, or you can do it yourself and open a PR.

Edit: alternatively why don't you move the workdir - which is RW - somewhere else?

mangkoran · March 6, 2026, 3:36pm

There's no jail_mount_rw config option at the moment. I'll add this when I have time, or you can do it yourself and open a PR.

Thank you for the confirmation. Personally I’m not yet familiar with the codebase e.g. where the related code reside. I will try to take a look on it.

alternatively why don't you move the workdir - which is RW - somewhere else?

Because I sometimes encounter issue with my external drive. With my current config, if there’s something wrong with my external drive that prevents AGH from starting (like in this case), I would remove and disable AGH querylog and statistics and AGH would run.

I could try to move AGH workdir to the external drive if that would make the external drive read-write-able by AGH itself. But if something goes wrong with my external drive, I would need to update 2 config files: AGH workdir and also disable AGH querylog and statistics.

mangkoran · March 7, 2026, 6:01am

There's no jail_mount_rw config option at the moment. I'll add this when I have time, or you can do it yourself and open a PR.

Turns out the fix is simple. I created a PR to add jail_mount_rw config https://github.com/openwrt/packages/pull/28703.

diff --git a/net/adguardhome/files/adguardhome.init b/net/adguardhome/files/adguardhome.init
index 432b3e473..0dc5c7392 100644
--- a/net/adguardhome/files/adguardhome.init
+++ b/net/adguardhome/files/adguardhome.init
@@ -102,6 +102,7 @@ start_service() {
 	procd_add_jail_mount /etc/hosts
 	procd_add_jail_mount /etc/ssl/certs
 	config_list_foreach config jail_mount procd_add_jail_mount
+	config_list_foreach config jail_mount_rw procd_add_jail_mount_rw
 
 	procd_close_instance
 }

Updated AGH config

root@OpenWrt:~# cat /etc/config/adguardhome
config adguardhome 'config'
        option workdir '/var/adguardhome'
        option config_file '/etc/adguardhome/adguardhome.yaml'
        list jail_mount_rw '/mnt/sda1/adguardhome'

I have tested the change in my router and it works as expected. Please kindly review it. Thank you!

Edit: The PR has been merged and released along with 25.12. If anyone encountered similar issue in 25.12, please check and update your /etc/config/adguardhome to add related directory to read-write jail.