DockerActionManager: fix bug with collabora using seccomp if it is globally disabled

Signed-off-by: Simon L. <szaimen@e.mail.de>
2025-12-20 06:26:57 +00:00 · 2025-11-24 10:08:12 +01:00 · 2025-11-24 10:08:12 +01:00 · 0fe8008777
commit 0fe8008777
parent 595b5db9fb
2 changed files with 14 additions and 5 deletions
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@ -209,7 +209,7 @@ class ConfigurationManager

    public function SetFulltextsearchEnabledState(int $value) : void {
        // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
-        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+        if ($this->isSeccompDisabled()) {
            $value = 0;
        }

@ -757,7 +757,7 @@ class ConfigurationManager

    public function GetCollaboraSeccompPolicy() : string {
        $defaultString = '--o:security.seccomp=';
-        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+        if ($this->isSeccompDisabled()) {
            return $defaultString . 'true';
        }
        return $defaultString . 'false';
@ -770,6 +770,13 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function isSeccompDisabled() : bool {
+        if ($this->GetCollaboraSeccompDisabledState() === 'true') {
+            return true;
+        }
+        return false;
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -415,9 +415,11 @@ readonly class DockerActionManager {

        // Special things for the collabora container which should not be exposed in the containers.json
        } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
-            // Load reference seccomp profile for collabora
-            $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                // Load reference seccomp profile for collabora
+                $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
+                $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
+            }

            // Additional Collabora options
            if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {