fix(rootless): run install-user commands from HOME, not the caller cwd
dockerCommandRunInstallUser sudo's to the unprivileged docker install user but inherited the caller's cwd. At install time the caller is root in /root, which that user can't enter, so cwd-sensitive tools failed — e.g. 'find: Failed to change directory: /root' / 'Failed to restore initial working directory' during the app scan (the scan still worked via the absolute start path, but the errors are noise and could bite other commands). Add env --chdir to the install user's HOME for both the argv and shell exec paths so every runFileOp runs from a directory the user can access. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
parent
6b44e8efc4
commit
3a0bcaccb6
@ -39,22 +39,27 @@ dockerCommandRunInstallUser()
|
||||
"PATH=/home/$CFG_DOCKER_INSTALL_USER/bin:/usr/bin:/bin:/usr/local/bin"
|
||||
)
|
||||
|
||||
# Run from the install user's HOME, not the caller's cwd. At install time the
|
||||
# caller is root in /root, which the unprivileged user can't enter, so
|
||||
# cwd-sensitive tools error (e.g. find: "Failed to change directory: /root").
|
||||
local run_cwd="/home/$CFG_DOCKER_INSTALL_USER"
|
||||
|
||||
# --argv: exec the remaining args verbatim (no shell re-parse) so regex/
|
||||
# quotes/backslashes in arguments (e.g. sed scripts) survive intact. Default:
|
||||
# treat $1 as a shell snippet via bash -c (needed for pipes/redirects/
|
||||
# systemctl --user/etc.).
|
||||
if [ -n "$argv_mode" ]; then
|
||||
if [ -n "$silent_flag" ]; then
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" "$@" >/dev/null 2>&1
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" "$@" >/dev/null 2>&1
|
||||
else
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" "$@"
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" "$@"
|
||||
fi
|
||||
else
|
||||
local remote_command="$1"
|
||||
if [ -n "$silent_flag" ]; then
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" bash -c "$remote_command" >/dev/null 2>&1
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" bash -c "$remote_command" >/dev/null 2>&1
|
||||
else
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" bash -c "$remote_command"
|
||||
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" bash -c "$remote_command"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
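Review bot: `local run_cwd="/home/$CFG_DOCKER_INSTALL_USER"` assumes the install user's home is under /home and already exists; when it does not, `env --chdir` exits before running anything (status 125 in GNU env), so all four `sudo` branches fail outright instead of only printing cwd noise, and the two silent branches hide the error behind `>/dev/null 2>&1`. Consider taking the directory from the passwd entry and falling back to one any user can enter: `run_cwd="$(getent passwd "$CFG_DOCKER_INSTALL_USER" | cut -d: -f6)"` followed by `[ -d "$run_cwd" ] || run_cwd=/`. `--chdir` is also a GNU coreutils extension (8.28 or later, as far as I know), so a host with an older or BusyBox `env` would need a different mechanism. The function starts above the hunk, so whether the home directory is created before the first call cannot be seen here.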