Introduction #
I recently installed Proxmox on my homelab and created an LXC container for my Jellyfin installation. All my media is on a ZFS dataset which I wanted to bind mount on the container.
The Proxmox documentation explains quite well how to map UIDs and GIDs between the host and the container. It led me to add the following lines to the container configuration file.
lxc.idmap: u 0 100000 110
lxc.idmap: g 0 100000 118
lxc.idmap: u 110 1000 1
lxc.idmap: g 118 1000 1
lxc.idmap: u 111 100111 65425
lxc.idmap: g 119 100119 65417
I also added the corresponding lines to /etc/subuid and /etc/subgid.
# /etc/subuid
root:110:1
# /etc/subgid
root:118:1
The Problem #
However, when restarting the container, the Jellyfin server is not started, producing the following error.
× jellyfin.service - Jellyfin Media Server
Loaded: loaded (/lib/systemd/system/jellyfin.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/jellyfin.service.d
└─jellyfin.service.conf
Active: failed (Result: exit-code) since Sat 2025-01-18 13:38:50 EST; 29s ago
Process: 292 ExecStart=/usr/bin/jellyfin $JELLYFIN_WEB_OPT $JELLYFIN_FFMPEG_OPT $JELLYFIN_SERVICE_OPT $JELLYFIN_NOWEBAPP_OPT $JELLYFIN_ADDITIONAL_OPTS (code=exited, status=200/CHDIR)
Main PID: 292 (code=exited, status=200/CHDIR)
CPU: 295us
Jan 18 13:38:50 jellyfin systemd[1]: jellyfin.service: Scheduled restart job, restart counter is at 5.
Jan 18 13:38:50 jellyfin systemd[1]: Stopped Jellyfin Media Server.
Jan 18 13:38:50 jellyfin systemd[1]: jellyfin.service: Start request repeated too quickly.
Jan 18 13:38:50 jellyfin systemd[1]: jellyfin.service: Failed with result 'exit-code'.
Jan 18 13:38:50 jellyfin systemd[1]: Failed to start Jellyfin Media Server.
After some research, I found out that this error is quite common. Some users proposed workarounds, but nothing was quite satisfying.
The error message indicates a CHDIR error, therefore it’s probably related to directory permissions. Let’s check the service file located at /lib/systemd/system/jellyfin.service.
[Unit]
Description = Jellyfin Media Server
After = network-online.target
[Service]
Type = simple
EnvironmentFile = /etc/default/jellyfin
User = jellyfin
Group = jellyfin
WorkingDirectory = /var/lib/jellyfin
ExecStart = /usr/bin/jellyfin $JELLYFIN_WEB_OPT $JELLYFIN_FFMPEG_OPT $JELLYFIN_SERVICE_OPT $JELLYFIN_NOWEBAPP_OPT $JELLYFIN_ADDITIONAL_OPTS
Restart = on-failure
TimeoutSec = 15
SuccessExitStatus=0 143
[Install]
WantedBy = multi-user.target
The working directory specified in the service file has insufficient permissions for the jellyfin user to CHDIR to it.
drwxr-x--- 9 nobody adm 4096 Jan 18 13:32 jellyfin
The owner of the directory is nobody, who has a UID of 65534.
drwxr-x--- 9 65534 4 4096 Jan 18 13:32 jellyfin
The problem resides in the way that Proxmox creates the user mapping. The UID 110 in the container gets mapped to the UID 1000 of the host. Therefore, the original UID 110 is mapped back to 65534.
The Solution #
The fix I found consists in changing the permissions of the files and folders owned by the jellyfin user before mapping the UIDs and GIDs.
First, as soon as the container is created, we stop the Jellyfin server and temporarily change ownership to an unused UID and GID, in this case 1000.
systemctl stop jellyfin
find / -user 110 -exec chown -h 1000 {} \;
find / -group 118 -exec chgrp -h 1000 {} \;
Then, we map the UIDs and GIDs (see above) and restart the container.
Finally, we change back the files and folders to their original owners.
find / -user 1000 -exec chown -h 110 {} \;
find / -group 1000 -exec chgrp -h 118 {} \;
After this, the Jellyfin server runs fine and has access to the shared dataset.