fix(immich): declare the caps its root process needs over the subuid-owned data tree
capabilities:[] was latent — the long-lived legacy container predated strict manifest enforcement, so nothing noticed that a recreate against this manifest produces a root process without DAC_OVERRIDE that EACCESes on upload/encoded-video and crash-loops (49 systemd restarts on .228 when the 2026-07-05 secret-env migration finally recreated it). Any reinstall or reboot-repair would have tripped the same wire. Cap set mirrors immich-postgres minus SETUID/SETGID. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
4665e497d7
commit
11a4f2910a
@ -30,7 +30,13 @@ app:
|
||||
disk_limit: 200Gi
|
||||
|
||||
security:
|
||||
capabilities: []
|
||||
# Runs as container root over a data tree the legacy installer chowned
|
||||
# to the subuid range (host 100000 = container uid 1). Without
|
||||
# DAC_OVERRIDE the server EACCESes writing upload/encoded-video the
|
||||
# moment the container is recreated against this manifest (latent until
|
||||
# the 2026-07-05 secret-env migration recreated it). Same cap set as
|
||||
# immich-postgres minus the setuid pair it doesn't use.
|
||||
capabilities: [CHOWN, DAC_OVERRIDE, FOWNER]
|
||||
readonly_root: false
|
||||
network_policy: isolated
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user