Collabora CODE Docker: Persistent Invalid argument errors on chown/link even with privileged: true (Mobile App Failing)

📱 Desktop & mobile clients
, , ,
1

See here for solved Desktop, but unsolvable mobile error: https://help.nextcloud.com/t/best-way-to-edit-documents/226232/18

Hello everyone,

I’m seeking assistance with a stubborn Collabora CODE issue on my Nextcloud Docker Compose setup. My Nextcloud web interface works perfectly with Collabora, but the iOS mobile app consistently fails to open documents, showing “network connection lost.”

My Setup:

  • Nextcloud (latest) and Collabora CODE (collabora/code:24.04.11.1.1) via Docker Compose.
  • Host OS: Ubuntu 22.04 LTS on a VPS.

Troubleshooting Steps & Findings (Chronological):

  1. Initial Errors:
  • coolmount failed: Fixed by adding cap_add: [MKNOD, SYS_ADMIN] to the Collabora service in docker-compose.yml.
  • ENOENT on /var/cache/coolwsd/storage.xml: Fixed by defining and mounting a Docker volume (coolwsd-data) to /var/cache/coolwsd, and then running sudo chmod 777 /var/lib/docker/volumes/nextcloud_coolwsd-data/_data on the host to ensure writability. touch testfile.txt inside the container confirmed writability for cool:cool (UID/GID 1001).
  1. Persistent ENOENT & linkOrCopy for /opt/cool/child-roots/.../tmp/sharedpresets/template:
  • Despite /var/cache/coolwsd being writable, logs still showed:
    • ERR Failed to get the realpath of [...]/tmp/sharedpresets/template (ENOENT: No such file or directory)
    • ERR linkOrCopy: nftw() failed for '/opt/cool/child-roots/.../tmp/sharedpresets/template'
  • Confirmed the source template existed in /opt/cool/systemplate. The issue was the copying/linking process failing.
  • Attempts that DID NOT fix this:
    • Adding extra_params=--o:mount_jail_tree=false to environment.
    • Changing Collabora image to collabora/code:24.04.11.1.1 (from latest).
  1. Current Situation (privileged: true for diagnosis):
  • As a last resort diagnostic step, I set privileged: true for the Collabora container (removing cap_add).
  • Result: The original ENOENT for sharedpresets/template DISAPPEARED! This suggests privileged mode provided the necessary permissions/bypasses for that specific issue.
  • NEW Critical Errors Appeared in Logs:
    • ERR Failed to stat or chown 65534:65534 /opt/cool/child-roots/.../etc/ld.so.conf: Invalid argument missing cap_chown?, disabling linkable
    • ERR link("/opt/cool/systemplate/etc/ld.so.conf", "/opt/cool/child-roots/.../etc/ld.so.conf") failed: Invalid argument. Very slow copying path triggered.

Summary of Current Problem:

Even with privileged: true, the Collabora container is failing to perform fundamental file system operations (chown to UID/GID 65534 - nobody:nogroup, and link) on its internal temporary files (ld.so.conf), reporting “Invalid argument” errors and “missing cap_chown?”.

Hypothesis:

This strongly suggests a very deep-seated issue with the underlying VPS kernel or Docker environment itself, potentially due to highly restrictive host security policies (like AppArmor/SELinux profiles that interfere with low-level syscalls) or a non-standard virtualization layer preventing even privileged containers from performing these operations.

Question:

Has anyone encountered similar Invalid argument errors for chown or link operations inside a Collabora Docker container, especially when running on a VPS and even with privileged: true? Any insights or suggestions for diagnosing/resolving host-level kernel/Docker interactions would be greatly appreciated.