From 767e0d4b9f7555af46f523f06643aa1f28d1c00e Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 10 Nov 2025 15:52:35 +0100
Subject: [PATCH] fix some remaining issues with collabora

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json                    | 2 +-
 php/src/Docker/DockerActionManager.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index df0e2d28..b291a625 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 7d7fc0e9..fd179f10 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -406,7 +406,7 @@ readonly class DockerActionManager {
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
             // Load reference seccomp profile for collabora
             $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile", "no-new-privileges=true", "apparmor=unconfined"];
+            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
 
             // Additional Collabora options
             if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {