JellyFin container utilizes 100% CPU

Hello all.

Yesterday, I set up Jellyfin in container. Using the guide at https://wiki.omv-extras.org/do…tall_and_configure_docker

This is my compose file:

---

# Date: 2025-06-01

# https://hub.docker.com/r/linuxserver/jellyfin

# https://jellyfin.org/docs/

services:

jellyfin:

image: lscr.io/linuxserver/jellyfin:latest

container_name: jellyfin

environment:

- PUID=1004 - #result of CLI sudo useradd -U jellyfin

- PGID=1004

- TZ=XXXX

- JELLYFIN_PublishedServerUrl=XXX.XXX.XXX.XXX #optional

volumes:

- ${PATH_TO_APPDATA}/jellyfin/config:/config

- ${PATH_TO_APPDATA}/jellyfin/cache:/cache

- /srv/mergerfs/Media/Media:/media

ports:

- 8096:8096

- 8920:8920 #optional

- 7359:7359/udp #optional

- 1900:1900/udp #optional

restart: unless-stopped

It was successful and container was up and running. I was able to log on to the jellyfin server. However as soon as I I choose the library folder jellyfin container went berserk and utilizes 100% of the cpu for a couple of hours now.

I thought that it may be doing its initiation steps, however after checking on logs, I think I have screwed something up.

Container was up and running for 13 hours. Logs collected over 1,1 million rows of mostly errors.

one of many examples:

[15:49:45] [ERR] [766] Emby.Server.Implementations.IO.ManagedFileSystem: Reading the file size of the symlink at /sys/class/rc/rc0/input1/device/device/supplier:platform:soc@107c000000:firmware/supplier/consumer:platform:107c580000.hvs/consumer/of_node failed. Marking the file as not existing.
jellyfin  | System.IO.FileNotFoundException: Could not find file '/sys/class/rc/rc0/input1/device/device/supplier:platform:soc@107c000000:firmware/supplier/consumer:platform:107c580000.hvs/consumer/of_node'.
jellyfin  | File name: '/sys/class/rc/rc0/input1/device/device/supplier:platform:soc@107c000000:firmware/supplier/consumer:platform:107c580000.hvs/consumer/of_node'
jellyfin  |    at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirError)
jellyfin  |    at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, UnixFileMode openPermissions, Int64& fileLength, UnixFileMode& filePermissions, Boolean failForSymlink, Boolean& wasSymlink, Func`4 createOpenException)
jellyfin  |    at System.IO.File.OpenHandle(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
jellyfin  |    at Emby.Server.Implementations.IO.ManagedFileSystem.GetFileSystemMetadata(FileSystemInfo info)

just in the last minute of 15:49 it collected 1323 rows of such errors.

Would anyone be willing to help me solve this please?

Thank you. any help will be much appreciated.

More about me and my NAS

My NAS wasn't created for the sake of having NAS, rather it was a quest of self-education in the UNIX world and networking field.

I did setup my NAS using Rpi5 8gb, Radxa Penta hat and a couple of old ntb 5400rpm HDDs.

So yes, I know I have a technological debt here..

Me personally, I do not have any previous experience with containers. This was my very first attempt.

Hi thanks for the reply.

Quote

revise that all files on /srv/mergerfs/Media/Media and under this path are owned by user 1004 or are in the 1004 group , in my case are in the 100 group ( group 100=users are the default group used in OMV).

Thats good hint. but how do I do so? I have copied my files to the NAS after successful deployment of OVM few weeks ago. About existence of MergerFS I learned just yesterday while reading that manual. So sure enough all will be owned by group 100.

As the guide suggested I have created the user and group jellyfin and made sure that it has read access to that /srv/mergerfs/Media/Media folder. Maybe I can add this user also to the original folders as they are created on each disk and give it a try. but there was no mention about making jellyfin an owner of all the data

Quote

revise too that all disk in the mergerfs are in good state , because if fails, can affect to jellyfin that do not find files on it.

they are good. I was able to stream content to VLC or WebOS media player with no issues on accessibility.

here is the compose file as a code again

# This file is auto-generated by openmediavault (https://www.openmediavault.org)
# WARNING: Do not edit this file, your changes will get lost.

# jellyfin
# Media Server
---
# Date: 2025-06-01
# https://hub.docker.com/r/linuxserver/jellyfin
# https://jellyfin.org/docs/
services:
  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1004
      - PGID=1004
      - TZ=XXX/XXX
      - JELLYFIN_PublishedServerUrl=xxx.xxx.xxx.xxx #optional
    volumes:
      - ${PATH_TO_APPDATA}/jellyfin/config:/config
      - ${PATH_TO_APPDATA}/jellyfin/cache:/cache
      - /srv/mergerfs/Media/Media:/media
    ports:
      - 8096:8096
      - 8920:8920 #optional
      - 7359:7359/udp #optional
      - 1900:1900/udp #optional
    restart: unless-stopped

Quote from chente

If you did this from the GUI, that's probably the problem. The files will be assigned group 100, and you're using group 1004. You'll need to dig deeper into using permissions in Linux if you want to use a custom user and group.

As a side note, keep in mind that the first time Jellyfin creates the library from scratch, including images, etc., for each element. This can take several hours if the library is very large.

as per my original post, I did it properly via CLI

Quote from chente

I'm not referring to the user and group. That can't be done from the GUI; you need the CLI to do it. I'm referring to granting read permissions to library files. The permissions handled by the GUI are Samba permissions, not filesystem-level permissions. Unless you use ACL permissions, which I don't recommend unless you have special needs and know exactly what you're doing.

As the guide you used says, the appuser user in group 100 should be sufficient for 99% of OMV users.

If you created the jellyfin user in group 1004, I assume it wasn't an arbitrary decision and there's a reason for it.

Maybe I have misunderstood the guide here, but before this final remark, it describes that from the security point of view I should have containers isolated.

Since I do not know how many various containers I may be firing up in upcoming months and/or whther or not I will need to access these from internet, I wanted to be future proofed from the very beginning. I wanted to have jellyfin container to be run by a specific user so it has its own set of permissions.

thanks to all hints here, I have a couple of points on my list to test.

• get back to basics: create appuser to run the container. - Passed
• create test folder with 1 media file and run container with this one instead of a whole xx TB library. - Passed
• If successful test the same scenario using MergerFS on a couple of small folders - Passed
• If successful try again on full library - Passed
• If successful, I will know that I have indeed f-ed up the isolation. I will then continue with verify the disk permissions as suggested by Raulfg3 and chente and continue research on how to make it work using isolated users

Kids allow me like 30 minutes a day of free time so this list will take a while to complete I'll keep you updated.

Thank you for suggestions.

Hello all,

many thanks for the hints and tips.

thanks to you, I was able to deploy container and make it work. Now I'm struggle with Mergefs permissions. But the main concept is working.

Quote from raulfg3

you can check permission using ls -la

and use google or chatGPT to know how to change group recursively on your media folder

Yesterday this actualy proved itself as misleading. OMV stated that container is running, yet jellyfin was not. reviewing the logs I found that there is a SQL error as it wants to write into read only database.

I did check permissions on config folder and it showed me only the new UID to have full permissions. the old UID I used to before wasnt even mentioned.

So in the end I've ended up with

rm -rf config

Im not proud of myself to use such crude method to force it my way but it worked

Hence a note for my future self: Should you ever deploy a container, then change your mind and decide to update the user which deployed the container very first time, you will need to delete that config folder.

Quote from BernH

You don't need to delete the config directory ad re-create it in this case, you just need to fix the permissions so the container can access the files.

This is easily done using the chown and chmod cli commands.

chown changes ownership, and chmod changes permissions. The owner of a file can normally perform all actions. This is also what the GID/UID in some containers do. They make the files as the specified user/group and operate as that use/group. chmod extends or removes permissions on the files so other users can access them or be restricted.

With Linux, users and groups are given ID numbers. In omv, the first user created is user id 1000 and group 100 (the users group). you can display these on the users tab or at the cli using the id command.

If you changed to a different user after creating a container that used UID/GID (or PUID/PGID) it may have been made as the first user (1000/100) but the new user might be 1003/100, for example. If you want to use the existing config files you have a few choices. (1) You could change the container UID/GID to the old user, (2) you could change the ownership of the config directory to the new user using something like chown -r 1003:100 /path/to/config (using the example 1003/100 from above), (3) you can sometimes open up the permissions on the files using chmod with a command similar to this chmod -r 755 /path/to/config to allow other used to access them, but depending on the container/application, this will not always work. The change of ownership is the better solution.

Here are some links to the manul pages on these utilities and a permissions calculator to help you see what the permissions mask is doing.

https://linux.die.net/man/1/id

https://linux.die.net/man/1/chown

https://linux.die.net/man/1/chmod

https://chmodcommand.com

Display More

Yes, indeed. I knew that there must be some better solution.

I've tried to display permissions of the Config folder itself not its contents nor the specific file which was causing the log entry.

I must admit that I could take that effort and dig further but I was just lazy to check permissions further and also to look for the means how to change ownership.
Thank you for pointing me to the new knowledge. I will store these for the future.