From 95a320a3e470aa50c2fe14bba347464d8c5b7740 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Tue, 13 Jan 2026 11:06:14 +0100
Subject: [PATCH] DockerActionManager: disable seccomp policy for borgbackup
 container

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9e8a8ff2..67134576 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -376,6 +376,11 @@ readonly class DockerActionManager {
 
         // Special things for the backup container which should not be exposed in the containers.json
         if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
+            // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308
+            if (!$this->configurationManager->isSeccompDisabled()) {
+                $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"];
+            }
+
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {