Root systemd podman container does not mount volume :-(

The root systemd service for a podman container doesn’t mount the volumes. Specifically, the /config and /cache , although, the /media one does!

# cat container-myjellyfin.service 

# container-myjellyfin.service
# autogenerated by Podman 4.1.1
# Thu Sep 29 13:51:32 PDT 2022

[Unit]
Description=Podman container-myjellyfin.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
	--cidfile=%t/%n.ctr-id \
	--cgroups=no-conmon \
	--rm \
	--sdnotify=conmon \
	--replace \
	--detach \
	--label io.containers.autoupdate=registry \
	--name myjellyfin \
	--publish 8096:8096/tcp \
	--gpus all \
	--volume /home/user/Jellyfin/cache:/cache:z \
	--volume /home/user/Jellyfin/config:/config:z \
	--volume /home/user/Jellyfin/media:/media:ro,z docker.io/jellyfin/jellyfin:latest
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=default.target 

However, the following command DOES mount the volumes (not a systemd service):

[root@host]# podman run \
 --detach \
 --label "io.containers.autoupdate=registry" \
 --name myjellyfin \
 --publish 8096:8096/tcp \
 --rm \
 --gpus all \
 --volume /home/user/Jellyfin/cache:/cache:z \
 --volume /home/user/Jellyfin/config:/config:z \
 --volume /home/user/Jellyfin/media:/media:ro,z docker.io/jellyfin/jellyfin:latest \
 docker.io/jellyfin/jellyfin:latest ; podman start myjellyfin

So what’s going on? Is it a systemd issue, podman issue, or jellyfin issue?

Thanks!

System info:

$ cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"

$ podman -v
podman version 4.1.1

Duplicate reddit post

I’m starting from systemd podman containers with volumes in Rocky 8.6 and there is no issue. I do it only in rootless mode however. The containers are started from systemd as user service, thus they run as non-root user.

Your post mentions “root podman”, I guess root systemd is meant. But the manual podman execution seems to be done as another user, the dollar sign would indicate it.

Make sure to be clear whether the container runs in rootless or rootfull mode. Unless there is a very good reason for it, avoid running containers as root, as it is insecure.

When run in non-root it works as well, but to clarify, the podman run command is being done in root (fixed in the post), and the systemd service file generated is all being done on root. And when all done in root, the problem occurs

Unfortunately, I have to run the containers as root because I ran into an annoying bug/issue with container hardware acceleration using with NVIDIA container-tool-kit

On my Rocky 8.6 (podman 4.1.1) volumes can be mounted into containers started from root systemd without problem.

Check if an error is logged when starting the container:

journalctl -u container-myjellyfin.service

Check also /var/log/messages when the container is started.
Check the ownership, permissions and security context of the directories (ls -aZ). The security context container_file_t should be set.
Check if SELinux is blocking something (look for AVC in /var/log/audit/audit.log).

I have Jellyfin working in a rootless container with NVIDIA GPU transcoding, on Rocky Linux 8.6.

This is my startup script, executed by a user called “jellypod” that owns /data/jellypod, had to use security-opt=label=disable to make it work:

podman run \
 --rm \
 --security-opt=label=disable \
 --detach \
 --hooks-dir=/usr/share/containers/oci/hooks.d/ \
 --label "io.containers.autoupdate=registry" \
 --publish 8096:8096/tcp \
 --user $(id -u jellypod):$(id -g jellypod) \
 --userns keep-id \
 --volume /data/jellypod/cache:/cache:Z \
 --volume /data/jellypod/config:/config:Z \
 --volume /data/jellypod/streaming:/media:z \
 docker.io/jellyfin/jellyfin:latest

Ah ok, it’s fixed now. I’m not sure which exactly fixed it, but I did the following:

1. [root@host]# chown -R root:root config cache media (previously was owned by user)
2. Added --user $(id -u):$(id -g) to the podman run command

[root@host]# podman run \
 --detach \
 --label "io.containers.autoupdate=registry" \
 --name myjellyfin \
 --publish 8096:8096/tcp \
 --rm \
 --gpus all \
 --user $(id -u):$(id -g) \ #<--- added this 
 --volume /home/ian/Jellyfin/cache:/cache:z \
 --volume /home/ian/Jellyfin/config:/config:z \
 --volume /home/ian/Jellyfin/media:/media:ro,z docker.io/jellyfin/jellyfin:latest \
 docker.io/jellyfin/jellyfin:latest 

3. Re-generated the service file podman generate systemd --new --name myjellyfin > container-myjellyfin.service and moved the serviced file to /etc/systemd/system/ and enabled the service systemctl enable --now container-myjellyfin.service

And voila, it now works. If i were to guess what made it work, i’d say it was changing the ownership of the files from user to root, as previously I assumed root would be able to access the user folders because it’s root…

Thank you all for the tips and help!

@dali I quickly checked your solution to run the container as non-root, but I couldn’t get hardware acceleration to work once it was up (got the playback error), so I’ll have to do some additional digging later.

There are a couple of things you need to do to run Jellyfin rootless.

I assume you have NVIDIA Container Toolkit installed. In /etc/nvidia-container-runtime/config.toml:

• Change no-cgroups = false to true.
• Change ldconfig = "@/sbin/ldconfig" to "/sbin/ldconfig" (remove @).

Podman startup parameters you may have to add:

• --hooks-dir=/usr/share/containers/oci/hooks.d/ (might not be necessary, but I have added it)
• --security-opt=label=disable
• --userns keep-id

If you want to be able to start the container and then logoff the user running the container you need to enable linger for the user, example:

sudo loginctl enable-linger <username>

Ok, so I have this weird issue, where your config above as non-root, however, it only works if I run the a container once as root first. If the I haven’t run as root first, then it doesn’t work.

For e.g, for it to work I must:

1. Run the container as root (editing the /etc/nvidia-container-runtime/config.toml as needed)
2. Then run the container as non-root (again, editing the /etc/nvidia-container-runtime/config.toml as needed).

However, if I reboot the machine from scratch, and then run the container as non-root first, the following error occurs (from the container logs) when trying to play a video:

[00:28:18] [WRN] [26] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Items/e2ed2b440eaca58d0f5c4ad9e3447ca8/Images/Primary?fillHeight=334&fillWidth=223&quality=96&tag=79c18145d3b74916559cf6c5c53e620a to 10.0.2.100 in 0:00:00.7547607 with Status Code 200
[00:28:18] [WRN] [27] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Items/e5acab0d8541ee7a5988671d37cbf360/Images/Primary?fillHeight=335&fillWidth=223&quality=96&tag=9a01a42870d31756f6bdcf0de36d919f to 10.0.2.100 in 0:00:00.759765 with Status Code 200
[00:28:18] [WRN] [8] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Items/befb4ea7ac78c241b211682efe76921d/Images/Primary?fillHeight=334&fillWidth=223&quality=96&tag=68690f2ada1c118835ff013ed141371d to 10.0.2.100 in 0:00:00.6563556 with Status Code 200
[00:28:18] [WRN] [21] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Items/693f706d614b501f0a0e55c9a6d11b43/Images/Primary?fillHeight=335&fillWidth=223&quality=96&tag=506a7dc66f2e36c5b094210c65bd5e20 to 10.0.2.100 in 0:00:00.8624361 with Status Code 200
[00:28:21] [INF] [21] Jellyfin.Api.Helpers.MediaInfoHelper: User policy for user. EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: True EnableAudioPlaybackTranscoding: True
[00:28:21] [INF] [21] Jellyfin.Api.Helpers.MediaInfoHelper: StreamBuilder.BuildVideoItem( Profile=Anonymous Profile, Path=/media/Movies/movie/movie.mp4, AudioStreamIndex=null, SubtitleStreamIndex=null ) => ( PlayMethod=Transcode, TranscodeReason=VideoCodecNotSupported ) media:/videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/master.m3u8?MediaSourceId=e61c7ee3980d0d5bc75b2da2e88290f4&VideoCodec=h264&AudioCodec=aac&AudioStreamIndex=1&VideoBitrate=139616000&AudioBitrate=384000&AudioSampleRate=48000&MaxFramerate=23.976025&api_key=<token>&SubtitleMethod=Encode&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=19150d316cf47344554cea4669863d81&SegmentContainer=ts&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=120&hevc-videobitdepth=10&hevc-profile=main10&hevc-audiochannels=6&aac-profile=lc&h264-profile=high,main,baseline,constrainedbaseline,high10&h264-rangetype=SDR&h264-level=52&h264-deinterlace=true&TranscodeReasons=VideoCodecNotSupported
[00:28:22] [INF] [25] Jellyfin.Api.Controllers.DynamicHlsController: Current HLS implementation doesn't support non-keyframe breaks but one is requested, ignoring that request
[00:28:22] [INF] [25] Jellyfin.Api.Helpers.TranscodingJobHelper: /usr/lib/jellyfin-ffmpeg/ffmpeg -analyzeduration 200M -init_hw_device cuda=cu:0 -filter_hw_device cu -hwaccel cuda -hwaccel_output_format cuda -threads 1 -autorotate 0 -i file:"/media/Movies/movie/movie.mp4" -autoscale 0 -map_metadata -1 -map_chapters -1 -threads 0 -map 0:0 -map 0:1 -map -0:s -codec:v:0 h264_nvenc -preset p4 -b:v 6667030 -maxrate 6667030 -bufsize 13334060 -profile:v:0 high -g:v:0 72 -keyint_min:v:0 72 -vf "setparams=color_primaries=bt709:color_trc=bt709:colorspace=bt709,scale_cuda=format=yuv420p" -codec:a:0 libfdk_aac -ac 2 -ab 384000 -ar 48000 -af "volume=2" -copyts -avoid_negative_ts disabled -max_muxing_queue_size 2048 -f hls -max_delay 5000000 -hls_time 3 -hls_segment_type mpegts -start_number 0 -hls_segment_filename "/config/transcodes/f7b8306d812dd1c90249d69abde90b86%d.ts" -hls_playlist_type vod -hls_list_size 0 -y "/config/transcodes/f7b8306d812dd1c90249d69abde90b86.m3u8"
[00:28:22] [ERR] [22] Jellyfin.Api.Helpers.TranscodingJobHelper: FFmpeg exited with code 1
[00:28:22] [ERR] [8] Jellyfin.Server.Middleware.ExceptionMiddleware: Error processing request. URL GET /videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/hls1/main/0.ts.
MediaBrowser.Common.FfmpegException: FFmpeg exited with code 1
   at Jellyfin.Api.Helpers.TranscodingJobHelper.StartFfMpeg(StreamState state, String outputPath, String commandLineArguments, HttpRequest request, TranscodingJobType transcodingJobType, CancellationTokenSource cancellationTokenSource, String workingDirectory)
   at Jellyfin.Api.Controllers.DynamicHlsController.GetDynamicSegment(StreamingRequestDto streamingRequest, Int32 segmentId)
   at Jellyfin.Api.Controllers.DynamicHlsController.GetHlsVideoSegment(Guid itemId, String playlistId, Int32 segmentId, String container, Int64 runtimeTicks, Int64 actualSegmentLengthTicks, Nullable`1 static, String params, String tag, String deviceProfileId, String playSessionId, String segmentContainer, Nullable`1 segmentLength, Nullable`1 minSegments, String mediaSourceId, String deviceId, String audioCodec, Nullable`1 enableAutoStreamCopy, Nullable`1 allowVideoStreamCopy, Nullable`1 allowAudioStreamCopy, Nullable`1 breakOnNonKeyFrames, Nullable`1 audioSampleRate, Nullable`1 maxAudioBitDepth, Nullable`1 audioBitRate, Nullable`1 audioChannels, Nullable`1 maxAudioChannels, String profile, String level, Nullable`1 framerate, Nullable`1 maxFramerate, Nullable`1 copyTimestamps, Nullable`1 startTimeTicks, Nullable`1 width, Nullable`1 height, Nullable`1 maxWidth, Nullable`1 maxHeight, Nullable`1 videoBitRate, Nullable`1 subtitleStreamIndex, Nullable`1 subtitleMethod, Nullable`1 maxRefFrames, Nullable`1 maxVideoBitDepth, Nullable`1 requireAvc, Nullable`1 deInterlace, Nullable`1 requireNonAnamorphic, Nullable`1 transcodingMaxAudioChannels, Nullable`1 cpuCoreLimit, String liveStreamId, Nullable`1 enableMpegtsM2TsMode, String videoCodec, String subtitleCodec, String transcodeReasons, Nullable`1 audioStreamIndex, Nullable`1 videoStreamIndex, Nullable`1 context, Dictionary`2 streamOptions)
   at lambda_method1118(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Jellyfin.Server.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Server.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Server.Middleware.IpBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Jellyfin.Server.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Server.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Server.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Server.Middleware.ExceptionMiddleware.Invoke(HttpContext context)
[00:28:23] [INF] [21] Jellyfin.Api.Helpers.MediaInfoHelper: User policy for user. EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: True EnableAudioPlaybackTranscoding: True
[00:28:23] [INF] [21] Jellyfin.Api.Helpers.MediaInfoHelper: StreamBuilder.BuildVideoItem( Profile=Anonymous Profile, Path=/media/Movies/movie.mp4, AudioStreamIndex=1, SubtitleStreamIndex=-1 ) => ( PlayMethod=Transcode, TranscodeReason=VideoCodecNotSupported ) media:/videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/master.m3u8?MediaSourceId=e61c7ee3980d0d5bc75b2da2e88290f4&VideoCodec=h264&AudioCodec=aac&AudioStreamIndex=1&VideoBitrate=139616000&AudioBitrate=384000&AudioSampleRate=48000&MaxFramerate=23.976025&api_key=<token>&SubtitleMethod=Encode&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=19150d316cf47344554cea4669863d81&SegmentContainer=ts&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=120&hevc-videobitdepth=10&hevc-profile=main10&hevc-audiochannels=6&aac-profile=lc&h264-profile=high,main,baseline,constrainedbaseline,high10&h264-rangetype=SDR&h264-level=52&h264-deinterlace=true&TranscodeReasons=VideoCodecNotSupported
[00:28:23] [INF] [22] Jellyfin.Api.Helpers.TranscodingJobHelper: Deleting partial stream file(s) /config/transcodes/f7b8306d812dd1c90249d69abde90b86.m3u8
[00:28:23] [WRN] [13] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Sessions/Playing/Progress to 10.0.2.100 in 0:00:00.8449792 with Status Code 204
[00:28:25] [WRN] [21] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/main.m3u8?DeviceId=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA1LjAuMC4wIFNhZmFyaS81MzcuMzZ8MTY2NDc1Njg4MTU5MA11&MediaSourceId=e61c7ee3980d0d5bc75b2da2e88290f4&VideoCodec=h264&AudioCodec=aac&AudioStreamIndex=1&VideoBitrate=139616000&AudioBitrate=384000&AudioSampleRate=48000&MaxFramerate=23.976025&PlaySessionId=61e7352e1013499c9ce6c807ae365b99&api_key=f549a04d397c424a8082857c55ed77a3&SubtitleMethod=Encode&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=19150d316cf47344554cea4669863d81&SegmentContainer=ts&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=120&hevc-videobitdepth=10&hevc-profile=main10&hevc-audiochannels=6&aac-profile=lc&h264-profile=high,main,baseline,constrainedbaseline,high10&h264-rangetype=SDR&h264-level=52&h264-deinterlace=true&TranscodeReasons=VideoCodecNotSupported&allowVideoStreamCopy=false to 10.0.2.100 in 0:00:01.6135215 with Status Code 200
[00:28:25] [WRN] [8] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Sessions/Playing to 10.0.2.100 in 0:00:02.5484933 with Status Code 204
[00:28:25] [INF] [24] Jellyfin.Api.Controllers.DynamicHlsController: Current HLS implementation doesn't support non-keyframe breaks but one is requested, ignoring that request
[00:28:25] [INF] [24] Jellyfin.Api.Helpers.TranscodingJobHelper: /usr/lib/jellyfin-ffmpeg/ffmpeg -analyzeduration 200M -init_hw_device cuda=cu:0 -filter_hw_device cu -hwaccel cuda -hwaccel_output_format cuda -threads 1 -autorotate 0 -i file:"/media/Movies/movie.mp4" -autoscale 0 -map_metadata -1 -map_chapters -1 -threads 0 -map 0:0 -map 0:1 -map -0:s -codec:v:0 h264_nvenc -preset p4 -b:v 6667030 -maxrate 6667030 -bufsize 13334060 -profile:v:0 high -g:v:0 72 -keyint_min:v:0 72 -vf "setparams=color_primaries=bt709:color_trc=bt709:colorspace=bt709,scale_cuda=format=yuv420p" -codec:a:0 libfdk_aac -ac 2 -ab 384000 -ar 48000 -af "volume=2" -copyts -avoid_negative_ts disabled -max_muxing_queue_size 2048 -f hls -max_delay 5000000 -hls_time 3 -hls_segment_type mpegts -start_number 0 -hls_segment_filename "/config/transcodes/566b760caff1f7eefad3d8b0aab5d38c%d.ts" -hls_playlist_type vod -hls_list_size 0 -y "/config/transcodes/566b760caff1f7eefad3d8b0aab5d38c.m3u8"
[00:28:25] [ERR] [13] Jellyfin.Api.Helpers.TranscodingJobHelper: FFmpeg exited with code 1
[00:28:25] [ERR] [25] Jellyfin.Server.Middleware.ExceptionMiddleware: Error processing request. URL GET /videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/hls1/main/0.ts.
MediaBrowser.Common.FfmpegException: FFmpeg exited with code 1
   at Jellyfin.Api.Helpers.TranscodingJobHelper.StartFfMpeg(StreamState state, String outputPath, String commandLineArguments, HttpRequest request, TranscodingJobType transcodingJobType, CancellationTokenSource cancellationTokenSource, String workingDirectory)
   at Jellyfin.Api.Controllers.DynamicHlsController.GetDynamicSegment(StreamingRequestDto streamingRequest, Int32 segmentId)
   at Jellyfin.Api.Controllers.DynamicHlsController.GetHlsVideoSegment(Guid itemId, String playlistId, Int32 segmentId, String container, Int64 runtimeTicks, Int64 actualSegmentLengthTicks, Nullable`1 static, String params, String tag, String deviceProfileId, String playSessionId, String segmentContainer, Nullable`1 segmentLength, Nullable`1 minSegments, String mediaSourceId, String deviceId, String audioCodec, Nullable`1 enableAutoStreamCopy, Nullable`1 allowVideoStreamCopy, Nullable`1 allowAudioStreamCopy, Nullable`1 breakOnNonKeyFrames, Nullable`1 audioSampleRate, Nullable`1 maxAudioBitDepth, Nullable`1 audioBitRate, Nullable`1 audioChannels, Nullable`1 maxAudioChannels, String profile, String level, Nullable`1 framerate, Nullable`1 maxFramerate, Nullable`1 copyTimestamps, Nullable`1 startTimeTicks, Nullable`1 width, Nullable`1 height, Nullable`1 maxWidth, Nullable`1 maxHeight, Nullable`1 videoBitRate, Nullable`1 subtitleStreamIndex, Nullable`1 subtitleMethod, Nullable`1 maxRefFrames, Nullable`1 maxVideoBitDepth, Nullable`1 requireAvc, Nullable`1 deInterlace, Nullable`1 requireNonAnamorphic, Nullable`1 transcodingMaxAudioChannels, Nullable`1 cpuCoreLimit, String liveStreamId, Nullable`1 enableMpegtsM2TsMode, String videoCodec, String subtitleCodec, String transcodeReasons, Nullable`1 audioStreamIndex, Nullable`1 videoStreamIndex, Nullable`1 context, Dictionary`2 streamOptions)
   at lambda_method1118(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Jellyfin.Server.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Server.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Server.Middleware.IpBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Jellyfin.Server.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Server.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Server.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Server.Middleware.ExceptionMiddleware.Invoke(HttpContext context)
[00:28:25] [INF] [25] Jellyfin.Api.Helpers.MediaInfoHelper: User policy for user. EnablePlaybackRemuxing: True EnableVideoPlaybackTranscoding: True EnableAudioPlaybackTranscoding: True
[00:28:25] [INF] [25] Jellyfin.Api.Helpers.MediaInfoHelper: StreamBuilder.BuildVideoItem( Profile=Anonymous Profile, Path=/media/Movies/movie/movie.mp4, AudioStreamIndex=1, SubtitleStreamIndex=-1 ) => ( PlayMethod=Transcode, TranscodeReason=VideoCodecNotSupported ) media:/videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/master.m3u8?MediaSourceId=e61c7ee3980d0d5bc75b2da2e88290f4&VideoCodec=h264&AudioCodec=aac&AudioStreamIndex=1&VideoBitrate=139616000&AudioBitrate=384000&AudioSampleRate=48000&MaxFramerate=23.976025&api_key=<token>&SubtitleMethod=Encode&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=19150d316cf47344554cea4669863d81&SegmentContainer=ts&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=120&hevc-videobitdepth=10&hevc-profile=main10&hevc-audiochannels=6&aac-profile=lc&h264-profile=high,main,baseline,constrainedbaseline,high10&h264-rangetype=SDR&h264-level=52&h264-deinterlace=true&TranscodeReasons=VideoCodecNotSupported
[00:28:25] [INF] [25] Jellyfin.Api.Helpers.TranscodingJobHelper: Deleting partial stream file(s) /config/transcodes/566b760caff1f7eefad3d8b0aab5d38c.m3u8
[00:28:25] [INF] [25] Jellyfin.Api.Controllers.DynamicHlsController: Current HLS implementation doesn't support non-keyframe breaks but one is requested, ignoring that request
[00:28:25] [INF] [25] Jellyfin.Api.Helpers.TranscodingJobHelper: /usr/lib/jellyfin-ffmpeg/ffmpeg -analyzeduration 200M -init_hw_device cuda=cu:0 -filter_hw_device cu -hwaccel cuda -hwaccel_output_format cuda -threads 1 -autorotate 0 -i file:"/media/Movies/movie/movie.mp4" -autoscale 0 -map_metadata -1 -map_chapters -1 -threads 0 -map 0:0 -map 0:1 -map -0:s -codec:v:0 h264_nvenc -preset p4 -b:v 6667030 -maxrate 6667030 -bufsize 13334060 -profile:v:0 high -g:v:0 72 -keyint_min:v:0 72 -vf "setparams=color_primaries=bt709:color_trc=bt709:colorspace=bt709,scale_cuda=format=yuv420p" -codec:a:0 libfdk_aac -ac 2 -ab 384000 -ar 48000 -af "volume=2" -copyts -avoid_negative_ts disabled -max_muxing_queue_size 2048 -f hls -max_delay 5000000 -hls_time 3 -hls_segment_type mpegts -start_number 0 -hls_segment_filename "/config/transcodes/1b0f993e148ea7a863d8ee383065423f%d.ts" -hls_playlist_type vod -hls_list_size 0 -y "/config/transcodes/1b0f993e148ea7a863d8ee383065423f.m3u8"
[00:28:25] [ERR] [26] Jellyfin.Api.Helpers.TranscodingJobHelper: FFmpeg exited with code 1
[00:28:25] [ERR] [27] Jellyfin.Server.Middleware.ExceptionMiddleware: Error processing request. URL GET /videos/e61c7ee3-980d-0d5b-c75b-2da2e88290f4/hls1/main/0.ts.
MediaBrowser.Common.FfmpegException: FFmpeg exited with code 1
   at Jellyfin.Api.Helpers.TranscodingJobHelper.StartFfMpeg(StreamState state, String outputPath, String commandLineArguments, HttpRequest request, TranscodingJobType transcodingJobType, CancellationTokenSource cancellationTokenSource, String workingDirectory)
   at Jellyfin.Api.Controllers.DynamicHlsController.GetDynamicSegment(StreamingRequestDto streamingRequest, Int32 segmentId)
   at Jellyfin.Api.Controllers.DynamicHlsController.GetHlsVideoSegment(Guid itemId, String playlistId, Int32 segmentId, String container, Int64 runtimeTicks, Int64 actualSegmentLengthTicks, Nullable`1 static, String params, String tag, String deviceProfileId, String playSessionId, String segmentContainer, Nullable`1 segmentLength, Nullable`1 minSegments, String mediaSourceId, String deviceId, String audioCodec, Nullable`1 enableAutoStreamCopy, Nullable`1 allowVideoStreamCopy, Nullable`1 allowAudioStreamCopy, Nullable`1 breakOnNonKeyFrames, Nullable`1 audioSampleRate, Nullable`1 maxAudioBitDepth, Nullable`1 audioBitRate, Nullable`1 audioChannels, Nullable`1 maxAudioChannels, String profile, String level, Nullable`1 framerate, Nullable`1 maxFramerate, Nullable`1 copyTimestamps, Nullable`1 startTimeTicks, Nullable`1 width, Nullable`1 height, Nullable`1 maxWidth, Nullable`1 maxHeight, Nullable`1 videoBitRate, Nullable`1 subtitleStreamIndex, Nullable`1 subtitleMethod, Nullable`1 maxRefFrames, Nullable`1 maxVideoBitDepth, Nullable`1 requireAvc, Nullable`1 deInterlace, Nullable`1 requireNonAnamorphic, Nullable`1 transcodingMaxAudioChannels, Nullable`1 cpuCoreLimit, String liveStreamId, Nullable`1 enableMpegtsM2TsMode, String videoCodec, String subtitleCodec, String transcodeReasons, Nullable`1 audioStreamIndex, Nullable`1 videoStreamIndex, Nullable`1 context, Dictionary`2 streamOptions)
   at lambda_method1118(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Jellyfin.Server.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Server.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Server.Middleware.IpBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Jellyfin.Server.Middleware.LanFilteringMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Server.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Server.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Server.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Server.Middleware.ExceptionMiddleware.Invoke(HttpContext context)
[00:28:25] [INF] [8] Jellyfin.Api.Helpers.TranscodingJobHelper: Deleting partial stream file(s) /config/transcodes/1b0f993e148ea7a863d8ee383065423f.m3u8
[00:28:27] [INF] [27] Emby.Server.Implementations.Session.SessionManager: Playback stopped reported by app Jellyfin Web 10.8.4 playing Thor: Love and Thunder. Stopped at 0 ms
[00:28:27] [WRN] [27] Jellyfin.Server.Middleware.ResponseTimeMiddleware: Slow HTTP Response from http://localhost:8096/Sessions/Playing/Stopped to 10.0.2.100 in 0:00:02.2362198 with Status Code 204

What happens if you run this command after you’ve started the container as a non-root user (logged on as the same user running the container):

podman exec -it myjellyfin nvidia-smi

Running as non-root fresh from a machine boot:

$ podman exec -it myjellyfin nvidia-smi

Tue Oct  4 04:44:28 2022       
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 515.76       Driver Version: 515.76       CUDA Version: 11.7     |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|                               |                      |               MIG M. |
|===============================+======================+======================|
|   0  NVIDIA GeForce ...  Off  | 00000000:01:00.0  On |                  N/A |
| 28%   42C    P8     6W / 151W |    156MiB /  8192MiB |      0%      Default |
|                               |                      |                  N/A |
+-------------------------------+----------------------+----------------------+
                                                                               
+-----------------------------------------------------------------------------+
| Processes:                                                                  |
|  GPU   GI   CI        PID   Type   Process name                  GPU Memory |
|        ID   ID                                                   Usage      |
|=============================================================================|
+-----------------------------------------------------------------------------+

Looks like the GPU is available.

If Jellyfin works after root has started the container once I suspect that there’s some access/ownership problem with the folders attached to the container at runtime.

Could you provide the complete podman command used to start the container as a non-root user?