From aadadf4460250a161db1c67efd526a69beade825 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 8 Jun 2026 11:49:54 +0200
Subject: [PATCH] allow scrutiny to access all block devices

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Docker/DockerActionManager.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 925f3942..3956b2eb 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -478,6 +478,10 @@ readonly class DockerActionManager {
                 $regEx = '/\s+(?=--o:)/';
                 $requestBody['Cmd'] = preg_split($regEx, rtrim($this->configurationManager->collaboraAdditionalOptions));
             }
+        // Special things for the scrutiny container which should not be exposed in the containers.json
+        } elseif ($container->identifier === 'nextcloud-aio-scrutiny') {
+            // Allow it to access block devices
+            $requestBody['HostConfig']['DeviceCgroupRules'] = ["b *:* rmw"];
         }
 
         if (count($mounts) > 0) {