paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-08-24 01:06:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Page: Platform‐Specific Troubleshooting
Pages
Affiliated Projects Email OAuth App Setup Home Platform‐Specific Troubleshooting Post Consume Script Examples Pre Consume Script Examples Related Projects Scanner & Software Recommendations Using Security Tools with Paperless ngx Using a Reverse Proxy with Paperless ngx Using and Generating ASN Barcodes v3 Ideas List
Clone
Platform‐Specific Troubleshooting
shamoon edited this page 2023-11-09 09:50:53 -08:00
Table of Contents

SELinux

Permission problems on Fedora Server (SELinux)

If you are trying to run paperless-ngx on Linux distributions with SELinux, for example, Fedora Server, you might run into issues like:

Creating directory /usr/src/paperless/data/index
mkdir: cannot create directory '/usr/src/paperless/data/index': Permission denied

This usally happens due to SELinux being enabled on those devices, especially if you mount directories into the container. For example, if you run paperless with Podman using podman run -v /etc/paperless/consume:/usr/src/paperless/consume .... Containers expect a SELinux context of unconfined_u:object_r:container_file_t, but depending on the folder you want to mount this might differ.

Relabeling on the command line

In such cases, you need to tell Podman whether the mount is going to be used by others (:z) or not. For example: podman run -v /etc/paperless/consume:/usr/src/paperless/consume:z ....

Relabeling with podman kube play

Podman also has the ability to run Kubernetes Pod manifests, either with podman-systemd or podman kube play. Under those circumstances, several things can be done:

  1. Pass the mountPropagation to each volumeMount, e.g:
  # ...omitted for brevity
  volumeMounts:
  - mountPath: /usr/src/paperless/consume
    name: paperless-consume-pvc
    mountPropagation: Bidrectional # this is the important line!
  1. Change the SELinux type on the host itself

You can also override the SELinux type on the host. Under the assumption that we want to change the /etc/paperless/consume folder, this can be done by executing the following commands:

$ sudo semanage fcontext --add --type container_file_t "/etc/paperless/consume(/.*)?"

After you added the SELinux override, it's time to relabel the directory and all subfolders and -files.

$ sudo restorecon -Rv /etc/paperless/consume

Feel free to contribute to the wiki pages - enhance and extend the content!

Also browse Discussions & connect in Matrix chat.