paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-02 13:45:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

Created Deployment-Specific Troubleshooting (markdown)

shamoon 2023-11-09 09:50:19 -08:00
parent f4ce38e5eb
commit 20e38de497
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Deployment‐Specific-Troubleshooting.md Normal file

@ -0,0 +1,42 @@
## SELinux
### Permission problems on Fedora Server (SELinux)
If you are trying to run *paperless-ngx* on Linux distributions with SELinux, for example, Fedora Server, you might
run into issues like:
```
Creating directory /usr/src/paperless/data/index
mkdir: cannot create directory '/usr/src/paperless/data/index': Permission denied
```
This usally happens due to SELinux being enabled on those devices, **especially if you mount directories into the container**.
For example, if you run paperless with Podman using `podman run -v /etc/paperless/consume:/usr/src/paperless/consume ...`.
Containers expect a SELinux context of `unconfined_u:object_r:container_file_t`, but depending on the folder you want to mount this
might differ.
#### Relabeling on the command line
In such cases, you need to tell Podman whether the mount is going to be used by others (`:z`) or not.
For example: `podman run -v /etc/paperless/consume:/usr/src/paperless/consume:z ...`.
#### Relabeling with `podman kube play`
Podman also has the ability to run Kubernetes Pod manifests, either with [podman-systemd](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#kube-units-kube)
or `podman kube play`. Under those circumstances, several things can be done:
1. Pass the `mountPropagation` to each `volumeMount`, e.g:
```yaml
# ...omitted for brevity
volumeMounts:
- mountPath: /usr/src/paperless/consume
name: paperless-consume-pvc
mountPropagation: Bidrectional # this is the important line!
```
2. Change the SELinux type on the host itself
You can also override the SELinux type on the host.
Under the assumption that we want to change the `/etc/paperless/consume` folder,
this can be done by executing the following commands:
```shell
$ sudo semanage fcontext --add --type container_file_t "/etc/paperless/consume(/.*)?"
```
After you added the SELinux override, it's time to relabel the directory and all subfolders and -files.
```shell
$ sudo restorecon -Rv /etc/paperless/consume
```