From f3ea0ee978ee99a9badb866a05759bd33325fc57 Mon Sep 17 00:00:00 2001
From: Alexander Ackermann <abackermann91@gmail.com>
Date: Tue, 9 Dec 2025 15:34:46 +0100
Subject: [PATCH 1/3] fix: slow kit jail error server audit in collabora

---
 weboffice/collabora.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml
index ce6e9bdb..4341be3b 100644
--- a/weboffice/collabora.yml
+++ b/weboffice/collabora.yml
@@ -66,7 +66,9 @@ services:
       username: ${COLLABORA_ADMIN_USER:-admin}
       password: ${COLLABORA_ADMIN_PASSWORD:-admin}
     cap_add:
-      - MKNOD
+      - SYS_ADMIN
+    security_opt:
+      - seccomp=unconfined
     volumes:
       # Mount local TrueType fonts so the container can use system fonts
       # (e.g. Microsoft fonts like Arial, Calibri, Cambria by installing the `ttf-mscorefonts-installer` package).

From 7386b21d7c0e69445d899c6cfa599f73686e5c32 Mon Sep 17 00:00:00 2001
From: Alexander Ackermann <abackermann91@gmail.com>
Date: Tue, 9 Dec 2025 18:49:31 +0100
Subject: [PATCH 2/3] make work on debian based systems

---
 weboffice/collabora.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml
index 4341be3b..00977a24 100644
--- a/weboffice/collabora.yml
+++ b/weboffice/collabora.yml
@@ -65,10 +65,13 @@ services:
         --o:home_mode.enable=${COLLABORA_HOME_MODE:-false}
       username: ${COLLABORA_ADMIN_USER:-admin}
       password: ${COLLABORA_ADMIN_PASSWORD:-admin}
+    privileged: true
     cap_add:
       - SYS_ADMIN
+      - MKNOD
     security_opt:
       - seccomp=unconfined
+      - apparmor:unconfined
     volumes:
       # Mount local TrueType fonts so the container can use system fonts
       # (e.g. Microsoft fonts like Arial, Calibri, Cambria by installing the `ttf-mscorefonts-installer` package).

From e897106b5861caced832dba25e34ba1efd7802e2 Mon Sep 17 00:00:00 2001
From: Alexander Ackermann <abackermann91@gmail.com>
Date: Tue, 9 Dec 2025 18:58:56 +0100
Subject: [PATCH 3/3] remove privileged

---
 weboffice/collabora.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml
index 00977a24..2b79a484 100644
--- a/weboffice/collabora.yml
+++ b/weboffice/collabora.yml
@@ -65,7 +65,6 @@ services:
         --o:home_mode.enable=${COLLABORA_HOME_MODE:-false}
       username: ${COLLABORA_ADMIN_USER:-admin}
       password: ${COLLABORA_ADMIN_PASSWORD:-admin}
-    privileged: true
     cap_add:
       - SYS_ADMIN
       - MKNOD