2025-05-08, 04:02 PM
(This post was last modified: 2025-05-08, 10:29 PM by Cutter. Edited 12 times in total.)
Hi,
Jellyfin runs on Fedora 41 in a rootless podman container managed by systemd.
The container is configured to relabel the media dir. Jellyfin runs as its own user.
Problem: if another process moves a directory not owned by jellyfin into the media directory, Jellyfin fails to relabel it on startup and the container shuts down. Seems a bit harsh, no?
How should this scenario be managed? I don't want to give ownership of the media dir to jellyfin. I've set its group to jellyfin but it's not enough. Should I give up relabeling?
This is my .container file:
https://pastebin.com/GjS9g6Wy
The authorization failure:
time->Thu May 8 20:21:00 2025
type=PROCTITLE msg=audit(1746728460.700:6069): proctitle=2F7573722F62696E2F706F646D616E002D2D6C6F672D6C6576656C3D64656275670072756E002D2D6E616D65006A656C6C7966696E002D2D63696466696C653D2F72756E2F757365722F3937302F6A656C6C7966696E2E636964002D2D7265706C616365002D2D726D002D2D6367726F7570733D73706C6974002D2D67726F75
type=PATH msg=audit(1746728460.700:6069): item=0 name="/mnt/sdb/media/subdir" inode=722520 dev=00:30 mode=040775 ouid=1000 ogid=1000 rdev=00:00 obj=unconfined_u:object_r:container_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1746728460.700:6069): cwd="/var/lib/jellyfin"
type=SYSCALL msg=audit(1746728460.700:6069): arch=c000003e syscall=189 success=no exit=-1 a0=c0007240a0 a1=c0006200a8 a2=c00047af30 a3=25 items=1 ppid=1334 pid=67737 auid=970 uid=970 gid=967 euid=970 suid=970 fsuid=970 egid=967 sgid=967 fsgid=967 tty=(none) ses=1 comm="podman" exe="/usr/bin/podman" subj=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 key="blabla"
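A pre-start check for the situation described in this post, added here as an example and not code from the post or from Jellyfin/podman. The audit line is a failed lsetxattr (syscall 189 on x86_64) by uid 970 on a directory with ouid=1000, returning EPERM (exit=-1): SELinux only lets a process set security.selinux on files it owns (or with CAP_FOWNER), so the script lists every entry under the media path that the service uid does not own. The path /mnt/sdb/media and uid 970 are taken from the post; everything else is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Lists entries under a media
# directory that the container's service user does not own. Under SELinux a
# process may only relabel files it owns (or holds CAP_FOWNER for), so each
# entry printed here is one a podman ":Z"/":z" relabel running as that uid
# will fail on, exactly like the lsetxattr denial in the audit log above.

relabel_blockers() {
    media_dir=$1
    svc_uid=$2
    # -uid / -printf are GNU find (Fedora's findutils). -uid compares the
    # numeric owner, so it works even if the uid has no passwd entry here.
    find "$media_dir" ! -uid "$svc_uid" -printf '%u:%g %M %p\n'
}

# Returns non-zero and prints the offending entries when blockers exist, so a
# wrapper (for example an ExecStartPre= in the unit) can fail early with a
# readable list instead of the container dying on a relabel error.
check_media_dir() {
    media_dir=$1
    svc_uid=$2
    blockers=$(relabel_blockers "$media_dir" "$svc_uid")
    if [ -n "$blockers" ]; then
        printf 'Entries not owned by uid %s (relabel will fail):\n%s\n' \
            "$svc_uid" "$blockers" >&2
        return 1
    fi
    return 0
}

# Usage when run as a script: relabel_check.sh /mnt/sdb/media 970
if [ "$#" -gt 0 ]; then
    check_media_dir "$1" "${2:-970}"
fi
```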