File permission conflicts when running both Jellyfin and Arr suite

LSIO Discussion Container Support
, , ,
1

Hello there!

I have setup a home media server mainly through Podman systemd files using LinuxServer containers. For a while I was solely using Jellyfin with no issues, and then decided to setup the Arr suite behind a VPN tunnel.

The setup seemed to work fine, all containers launched, the WebUIs were functional and so on. However, I started seeing a reocurring error: the Arr containers were able to access the mounted media volume, but Jellyfin showed permission errors when trying to play media; conversely, if I restarted Jellyfin, it was again able to play media, but the folders showed as Unavailable within the Arr apps.

I googled about it and was unable to find anyone experiencing the same situation as I, with most posts being related to directory permission mistakes.

For reference: I am using both PUID and PGID equal to the main non-root user of the machine in all containers, which coincides with the owner user and group of the media folder. Moreover, I have set 755 permission for directories and 644 for files in the media folder.

As a reference, here is my jellyfin.container file:

[Unit]
Description=Free Software Media System

[Container]
Image=lscr.io/linuxserver/jellyfin:latest
ContainerName=jellyfin
AutoUpdate=registry

AddDevice=/dev/dri:/dev/dri

Environment=PUID=1000
Environment=PGID=1000
Environment=TZ=Europe/Madrid

Volume=/mnt/volumes/%N/config:/config:Z
Volume=/mnt/media:/data/media:ro,Z
# Volume=/mnt/media2:/data/media2:ro,Z

PublishPort=10102:8096/tcp

[Service]
Restart=on-failure
TimeoutStartSec=900
ExecStartPre=mkdir -p /mnt/volumes/%N/config
ExecStartPre=chown -R 1000:1000 /mnt/volumes/%N

[Install]
WantedBy=multi-user.target default.target

And here is a sonarr.container file:

[Unit]
Description=Sonarr
Requires=vpn-wireguard.service

[Container]
Pod=vpn.pod
Image=lscr.io/linuxserver/sonarr:latest
ContainerName=sonarr
AutoUpdate=registry

Environment=PUID=1000
Environment=PGID=1000
Environment=TZ=Europe/Madrid

Volume=/mnt/volumes/%N/config:/config:Z
Volume=/mnt/downloads:/downloads:Z
Volume=/mnt/media:/data/media:Z
# Volume=/mnt/media2:/data/media2:Z

[Service]
Restart=on-failure
TimeoutStartSec=900
ExecStartPre=mkdir -p /mnt/volumes/%N/config
ExecStartPre=chown -R 1000:1000 /mnt/volumes/%N

[Install]
WantedBy=multi-user.target default.target

Thank you in advance, and sorry for the wall of text.

2

Okay, so the problem and solution were simpler and more specific than I anticipated.

My system runs Fedora, which uses SELinux. I did not know that the :z and :Z labels dictated how the volume behaves in terms of being shared between containers. Using :z solved the issue. For more information check these Docker docs.