Permanently allow SELinux to my Jellyfin Docker container
Hey fellas, getting some permissions behavior from my SELinux on my Jellyfin docker container;
Everything works as long as I don't reboot the OS - then the following happens:
File system permissions are correct, but it's SELinux that enforces it anyways; as soon as I do
My initial idea was toe set SELinux context in the Docker manifest file using semanage:
Not sure however if this will persist through reboots, because from what I know, Bazzite protects everything at system level. Thus, my idea was to make custom change in
tl;dr my ide was to edit
Then remount and it should persist through reboots?
Everything works as long as I don't reboot the OS - then the following happens:
[in#0 @ 0x55562e261100] Error opening input: Permission deniedError opening input file file:/media/series/...mkv.Error opening input files: Permission denied[in#0 @ 0x55bb1fd4b280] Error opening input: Permission deniedError opening input file file:/media/series/...mkv.Error opening input files: Permission deniedFile system permissions are correct, but it's SELinux that enforces it anyways; as soon as I do
sudo setenforce 0 all works as expected.My initial idea was toe set SELinux context in the Docker manifest file using semanage:
sudo chcon -Rt svirt_sandbox_file_t /home/spasoff/<movies>sudo chcon -Rt svirt_sandbox_file_t /home/spasoff/<series>sudo chcon -Rt svirt_sandbox_file_t /home/spasoff/jellyfin/configNot sure however if this will persist through reboots, because from what I know, Bazzite protects everything at system level. Thus, my idea was to make custom change in
/etc/fstab because my understanding is rpm-ostreetl;dr my ide was to edit
/etc/fstab with:/home/spasoff/FILM4ITA /home/spasoff/FILM4ITA none bind,context="system_u:object_r:svirt_sandbox_file_t:s0" 0 0/home/spasoff/SERIAL4ITA /home/spasoff/SERIAL4ITA none bind,context="system_u:object_r:svirt_sandbox_file_t:s0" 0 0Then remount and it should persist through reboots?
