Skip to content

fix: add privileged mode to tika, searxng, chrome containers #1453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chocobar wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: add privileged mode to tika, searxng, chrome containers #1453

chocobar wants to merge 3 commits into from

Conversation

@chocobar
Copy link
Collaborator

@chocobar chocobar commented Dec 15, 2025

Summary

Fixes container startup failures on older Docker versions (20.10.x) with cgroup v1.

Problem

On Ubuntu 20.04 with Docker 20.10.17 and cgroup v1, these containers fail to start:

Container Error
tika java.io.FileNotFoundException: /proc/self/cgroup
searxng RuntimeError: Permission denied (os error 13)
chrome panic: listen tcp :7317: socket: permission denied

Solution

  • tika: Add privileged: true for Java cgroup access
  • searxng: Add privileged: true and user: root for socket binding
  • chrome: Add privileged: true for socket binding

Test plan

  • Tested on Ubuntu 20.04 with Docker 20.10.17 and cgroup v1
  • All three containers now start and stay running
  • Verify no regression on newer Docker versions

🤖 Generated with Claude Code

chocobar and others added 3 commits December 15, 2025 20:18
@chocobar @claude
fix: add privileged mode to tika, searxng, chrome containers
537bb84 
On older Docker versions (20.10.x) with cgroup v1, these containers
fail to start due to permission issues:

- tika: Java can't read /proc/self/cgroup
- searxng: Can't bind socket (Permission denied os error 13)
- chrome: Can't bind to port 7317 (socket: permission denied)

Adding privileged: true fixes these issues. SearXNG also needs
user: root to bind its socket.

Tested on Ubuntu 20.04 with Docker 20.10.17 and cgroup v1.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@chocobar @claude
fix: add privileged mode to api container for DNS resolution
6fcf454 
API container fails to resolve postgres hostname on older Docker/cgroup v1:
"dial udp 127.0.0.11:53: socket: permission denied"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@chocobar
fix: add privileged mode to postgres for cgroup v1 compatibility
19115e2
@lukemarsden lukemarsden force-pushed the main branch 2 times, most recently from 93e4998 to c07feb5 Compare December 28, 2025 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chocobar