Giving up on Truenas scale, Plex wont work

NickF · Jul 12, 2023

a.dresner said:
Totally agree that security comes first.

Stability was the point I was trying to make but it seems I’ve made a mistake. I thought this was a post regarding Intel ARC when I got an email notifications about it.

But my same point about stability applies to this situation anyway, so it’s not all for nothing I guess. To your question:

Are you saying that mapping a network share in a container compromises the security of the entire server?

While I do believe there will be security implications, the problem here is more in regards to stability. I don’t want to muddy the waters going into ACLs.

Hostpath mounting a directory from the host to a container does not function the same way as mounting a SMB share. There are “rules” in SMB to safeguard concurrent access to the same file, that hostpath mounting will not respect, understand or even be aware of. What that means is if any of your data may be written to via the hostpath mount you may create data corruption in instances where the container and a SMB client are trying to write to or potentially even access the same files.
For Plex specifically, I think disabling the validation check box may be safe enough, but that’s a call that you need to make about your data. A lot of that depends on what post processing you may be doing to your media library

jgreco · Jul 15, 2023

a.dresner said:
Are you saying that mapping a network share in a container compromises the security of the entire server?

Most Linux containers are not built for security but rather for convenience. Be aware that a container that is deliberately exposed to the Internet may not be secure in the manner in which you might expect. Some of us build jails on FreeBSD starting from an empty filesystem and then only including the bare minimum things that are needed, excluding stuff like shells and other common stack overrun exploit vectors.

If you can get a shell inside your container environment, assume an attacker can too. All other security concerns tend to evolve from there.

a.dresner · Jul 15, 2023

Understood. For those of us at home with no open ports to the internet… lots of different thoughts.
Wondering, could I create a symbolic link in a data set that points to a share? That would solve the issue , I think.

jgreco · Jul 17, 2023

a.dresner said:
Wondering, could I create a symbolic link in a data set that points to a share? That would solve the issue , I think.

A symbolic link is interpreted within the visible namespace of the process doing the lookup. This means, for example:

../../../foo/bar -- go up three directories from this directory, then go into foo, and access bar

/mnt/tank/foo/bar -- go to root directory, then into /mnt/tank/foo/bar

So the thing is, within your filesystem/dataset, neither of these really need to exist; if you overlay another mount as "foo" for example:

mount 192.168.1.1:/mnt/tank/baz /net/foo

and you have a directory named /net/a/b/c and are curdir in /net/a/b/c then if you go "cd ../../../foo" you will effectively be on the filesystem being offered as 192.168.1.1:/mnt/tank/baz ... it's a little confusing at first.

a.dresner · Jul 19, 2023

Thank you @jgreco Going to reproach this next month wits a new build. According to https://youtu.be/59NGNZ0kO04 it should work?

NickF · Jul 19, 2023

I mean. I really like Tom Lawrence. I am actually a huge fan. I am actually very annoyed he skipped over the warning and didn't explain why it exists....
Anyway...We've already talked about these points. Here are the forum posts cross referenced with the same information in the video...

Giving up on Truenas scale, Plex wont work

I have successfully installed Truenas Core and got Plex to work (it did take me some time to though) but i got it working and could watch my videos and listen to my music. However I would like to start from scratch and use Truenas Scale and have successfully installed it. I want scale because...

www.truenas.com

TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

https://lawrence.video/truenasConnecting With Us--------------------------------------------------- + Hire Us For A Project: https://lawrencesystems.com/hir...

youtu.be

And again here:

Giving up on Truenas scale, Plex wont work

I have successfully installed Truenas Core and got Plex to work (it did take me some time to though) but i got it working and could watch my videos and listen to my music. However I would like to start from scratch and use Truenas Scale and have successfully installed it. I want scale because...

www.truenas.com

TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

https://lawrence.video/truenasConnecting With Us--------------------------------------------------- + Hire Us For A Project: https://lawrencesystems.com/hir...

youtu.be

Same thing here:

TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

https://lawrence.video/truenasConnecting With Us--------------------------------------------------- + Hire Us For A Project: https://lawrencesystems.com/hir...

youtu.be

jgreco · Jul 20, 2023

a.dresner said:
Thank you @jgreco Going to reproach this next month wits a new build. According to https://youtu.be/59NGNZ0kO04 it should work?

I have no idea. I can't easily watch YouTube videos, it's something the office UTM doesn't allow.

Important Announcement for the TrueNAS Community.

Giving up on Truenas scale, Plex wont work

NickF

Guru

jgreco

Resident Grinch

a.dresner

Explorer

jgreco

Resident Grinch

a.dresner

Explorer

NickF

Guru

Giving up on Truenas scale, Plex wont work

TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

Giving up on Truenas scale, Plex wont work

TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

TrueNAS Scale: A Step-by-Step Guide to Dataset, Shares, and App Permissions

jgreco

Resident Grinch

Similar threads