fej/docker-plex-wireguard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Support nonroot operation

Browse source
This commit is contained in:
thespad 2024-12-20 20:31:10 +00:00
parent 5521df85df
commit b29a1b8320
No known key found for this signature in database
5 changed files with 84 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -86,6 +86,15 @@ This image can be run with a read-only container filesystem. For details please
* Runtime update of Plex (and thus Plexpass builds) is not supported. * Runtime update of Plex (and thus Plexpass builds) is not supported.
* Transcode directory must be mounted to a host path or tmpfs. * Transcode directory must be mounted to a host path or tmpfs.
## Non-Root Operation
This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
### Caveats
* Runtime update of Plex (and thus Plexpass builds) is not supported.
* Transcode directory must be mounted to a host path or tmpfs.
### Hardware Acceleration ### Hardware Acceleration
Many desktop applications need access to a GPU to function properly and even some Desktop Environments have compositor effects that will not function without a GPU. However this is not a hard requirement and all base images will function without a video device mounted into the container. Many desktop applications need access to a GPU to function properly and even some Desktop Environments have compositor effects that will not function without a GPU. However this is not a hard requirement and all base images will function without a video device mounted into the container.
@ -174,6 +183,7 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-v /tv` | Media goes here. Add as many as needed e.g. `/movies`, `/tv`, etc. | | `-v /tv` | Media goes here. Add as many as needed e.g. `/movies`, `/tv`, etc. |
| `-v /movies` | Media goes here. Add as many as needed e.g. `/movies`, `/tv`, etc. | | `-v /movies` | Media goes here. Add as many as needed e.g. `/movies`, `/tv`, etc. |
| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
## Environment variables from files (Docker secrets) ## Environment variables from files (Docker secrets)

4
readme-vars.yml
View file

@ -75,6 +75,10 @@ readonly_supported: true
readonly_message: | readonly_message: |
* Runtime update of Plex (and thus Plexpass builds) is not supported. * Runtime update of Plex (and thus Plexpass builds) is not supported.
* Transcode directory must be mounted to a host path or tmpfs. * Transcode directory must be mounted to a host path or tmpfs.
nonroot_supported: true
nonroot_message: |
* Runtime update of Plex (and thus Plexpass builds) is not supported.
* Transcode directory must be mounted to a host path or tmpfs.
# init diagram # init diagram
init_diagram: | init_diagram: |
"plex:latest": { "plex:latest": {

14
root/etc/s6-overlay/s6-rc.d/init-plex-chown/run
View file

@ -6,9 +6,17 @@ mkdir -p /run/plex-temp
# create folders # create folders
if [[ ! -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" ]]; then if [[ ! -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" ]]; then
mkdir -p "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" mkdir -p "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}"
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
lsiown -R abc:abc /config lsiown -R abc:abc /config
fi fi
fi
# remove plex pid after unclean stop
if [[ -f "/config/Library/Application Support/Plex Media Server/plexmediaserver.pid" ]]; then
rm -f "/config/Library/Application Support/Plex Media Server/plexmediaserver.pid"
fi
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
# check Library permissions # check Library permissions
PUID=${PUID:-911} PUID=${PUID:-911}
if [[ ! "$(stat -c %u /config/Library)" == "${PUID}" ]]; then if [[ ! "$(stat -c %u /config/Library)" == "${PUID}" ]]; then
@ -18,11 +26,6 @@ if [[ ! "$(stat -c %u /config/Library)" == "${PUID}" ]]; then
/config/Library /config/Library
fi fi
# remove plex pid after unclean stop
if [[ -f "/config/Library/Application Support/Plex Media Server/plexmediaserver.pid" ]]; then
rm -f "/config/Library/Application Support/Plex Media Server/plexmediaserver.pid"
fi
# set permissions on Plex Transcoder Temp Directory # set permissions on Plex Transcoder Temp Directory
PLEX_MEDIA_SERVER_PREFERENCES="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/Preferences.xml" PLEX_MEDIA_SERVER_PREFERENCES="${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}/Plex Media Server/Preferences.xml"
if [[ -f "${PLEX_MEDIA_SERVER_PREFERENCES}" ]]; then if [[ -f "${PLEX_MEDIA_SERVER_PREFERENCES}" ]]; then
@ -40,3 +43,4 @@ lsiown abc:abc \
/run/plex-temp \ /run/plex-temp \
/config \ /config \
/config/* /config/*
fi

2
root/etc/s6-overlay/s6-rc.d/init-plex-gid-video/run
View file

@ -1,6 +1,7 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash # shellcheck shell=bash
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
FILES=$(find /dev/dri /dev/dvb -type c -print 2>/dev/null) FILES=$(find /dev/dri /dev/dvb -type c -print 2>/dev/null)
for i in ${FILES}; do for i in ${FILES}; do
@ -33,3 +34,4 @@ for i in ${FILES}; do
fi fi
fi fi
done done
fi

7
root/etc/s6-overlay/s6-rc.d/svc-plex/run
View file

@ -6,6 +6,13 @@ PLEX_MEDIA_SERVER_INFO_MODEL=$(uname -m)
export PLEX_MEDIA_SERVER_INFO_MODEL export PLEX_MEDIA_SERVER_INFO_MODEL
PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r) PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION=$(uname -r)
export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
exec \ exec \
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 32400" \ s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 32400" \
s6-setuidgid abc "/usr/lib/plexmediaserver/Plex Media Server" s6-setuidgid abc "/usr/lib/plexmediaserver/Plex Media Server"
else
exec \
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 32400" \
"/usr/lib/plexmediaserver/Plex Media Server"
fi