Merge pull request #7414 from nextcloud/enh/7308/disable-seccomp-for-borg

DockerActionManager: disable seccomp policy for borgbackup container
2026-02-04 04:56:52 +00:00 · 2026-01-14 13:28:46 +01:00 · 2026-01-14 13:28:46 +01:00 · 3f55a47b68
commit 3f55a47b68
parent 84a01d2fa7 95a320a3e4
1 changed files with 5 additions and 0 deletions
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -376,6 +376,11 @@ readonly class DockerActionManager {

        // Special things for the backup container which should not be exposed in the containers.json
        if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
+            // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"];
+            }
+
            // Additional backup directories
            foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                if ($additionalBackupVolumes !== '') {