How to pass --o:security.capabilities=false to collabora container in Nextcloud AIO


is there any way to pass the env parameter --o:security.capabilities=false to collabora container created by Nextcloud AIO?

Obviously I can do it manually but it gets overwritten after every update and collabora just does not work without this workaround in my setup (NAS with limited configuration options).

It is just getting tedious doing it after every update.


Hi, see GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.

Hi, this option passes --o:security.seccomp=false to collabora container, I have it already enabled, but this is not the one I am looking for.

Ah I see. Why do you need to disable the security capabilities?

TL,DR - it does not work without it, Nextcloud wont connect to collabora container

I cant grant the required capabilities ( cap_sys_chroot, cap_mknod, cap_fowner), they are not available with my docker setup - I guess the combination of limited options on NAS and the storage driver used (vfs). As my setup is more like playground/testbench for the deployment I am planning later on the different system where these constraints will most likely not be present, I cannot be bothered to deal with it when --o:security.capabilities=false on collabora container works just fine.

Did you already follow How to debug problems with Collabora and/or Talk · Discussion #1358 · nextcloud/all-in-one · GitHub?