From 20e38de4977c7f050a7825bbc664c9ccc6e0d66c Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Thu, 9 Nov 2023 09:50:19 -0800
Subject: [PATCH] Created Deployment-Specific Troubleshooting (markdown)

---
 Deployment‐Specific-Troubleshooting.md | 42 ++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 Deployment‐Specific-Troubleshooting.md

diff --git a/Deployment‐Specific-Troubleshooting.md b/Deployment‐Specific-Troubleshooting.md
new file mode 100644
index 0000000..b619af4
--- /dev/null
+++ b/Deployment‐Specific-Troubleshooting.md
@@ -0,0 +1,42 @@
+## SELinux
+### Permission problems on Fedora Server (SELinux)
+If you are trying to run *paperless-ngx* on Linux distributions with SELinux, for example, Fedora Server, you might
+run into issues like:
+```
+Creating directory /usr/src/paperless/data/index
+mkdir: cannot create directory '/usr/src/paperless/data/index': Permission denied
+```
+This usally happens due to SELinux being enabled on those devices, **especially if you mount directories into the container**.
+For example, if you run paperless with Podman using `podman run -v /etc/paperless/consume:/usr/src/paperless/consume ...`.
+Containers expect a SELinux context of `unconfined_u:object_r:container_file_t`, but depending on the folder you want to mount this
+might differ.
+#### Relabeling on the command line
+In such cases, you need to tell Podman whether the mount is going to be used by others (`:z`) or not.
+For example: `podman run -v /etc/paperless/consume:/usr/src/paperless/consume:z ...`.
+#### Relabeling with `podman kube play`
+Podman also has the ability to run Kubernetes Pod manifests, either with [podman-systemd](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#kube-units-kube)
+or `podman kube play`. Under those circumstances, several things can be done:
+1. Pass the `mountPropagation` to each `volumeMount`, e.g:
+```yaml
+  # ...omitted for brevity
+  volumeMounts:
+  - mountPath: /usr/src/paperless/consume
+    name: paperless-consume-pvc
+    mountPropagation: Bidrectional # this is the important line!
+```
+
+2. Change the SELinux type on the host itself
+
+You can also override the SELinux type on the host.
+Under the assumption that we want to change the `/etc/paperless/consume` folder,
+this can be done by executing the following commands:
+
+```shell
+$ sudo semanage fcontext --add --type container_file_t "/etc/paperless/consume(/.*)?"
+```
+
+After you added the SELinux override, it's time to relabel the directory and all subfolders and -files.
+
+```shell
+$ sudo restorecon -Rv /etc/paperless/consume
+```
\ No newline at end of file