is there any way to pass the env parameter --o:security.capabilities=false to collabora container created by Nextcloud AIO?
Obviously I can do it manually but it gets overwritten after every update and collabora just does not work without this workaround in my setup (NAS with limited configuration options).
It is just getting tedious doing it after every update.
TL,DR - it does not work without it, Nextcloud wont connect to collabora container
I cant grant the required capabilities ( cap_sys_chroot, cap_mknod, cap_fowner), they are not available with my docker setup - I guess the combination of limited options on NAS and the storage driver used (vfs). As my setup is more like playground/testbench for the deployment I am planning later on the different system where these constraints will most likely not be present, I cannot be bothered to deal with it when --o:security.capabilities=false on collabora container works just fine.
I tried now, but it is not of much help since Nextcloud will not even connect to collabora container, so I do not have option to modify Allow list for WOPI requests
Even when I expose 9980 from the collabora container manually I get Connection timeout
I do not want you to fix anything actually I know my docker setup is … well, lets say suboptimal. I am looking for a way for a known workaround to survive update process, that is all.
Fixing the issue would require to get a system with a “normal” kernel which is not an option since it is a Western Digital NAS and I am stuck with their firmware.
I see however due to the architecture of AIO you cannot add this change permanently except if we add this as yet another option which we already have too much of.
Unfortunately, the app you linked crashes whole mastercontainer, so it is not an option either.
But again, I understand that mine is a niche case and it is not viable to attend to, especially because it is not a bug per se, but a limitation on host sytem.