fix(rootless): run install-user commands from HOME, not the caller cwd

dockerCommandRunInstallUser sudo's to the unprivileged docker install user but
inherited the caller's cwd. At install time the caller is root in /root, which
that user can't enter, so cwd-sensitive tools failed — e.g. 'find: Failed to
change directory: /root' / 'Failed to restore initial working directory'
during the app scan (the scan still worked via the absolute start path, but
the errors are noise and could bite other commands). Add env --chdir to the
install user's HOME for both the argv and shell exec paths so every runFileOp
runs from a directory the user can access.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
librelad 2026-05-24 13:50:20 +01:00
parent 6b44e8efc4
commit 3a0bcaccb6


@ -39,22 +39,27 @@ dockerCommandRunInstallUser()
"PATH=/home/$CFG_DOCKER_INSTALL_USER/bin:/usr/bin:/bin:/usr/local/bin"
)
# Run from the install user's HOME, not the caller's cwd. At install time the
# caller is root in /root, which the unprivileged user can't enter, so
# cwd-sensitive tools error (e.g. find: "Failed to change directory: /root").
local run_cwd="/home/$CFG_DOCKER_INSTALL_USER"
# --argv: exec the remaining args verbatim (no shell re-parse) so regex/
# quotes/backslashes in arguments (e.g. sed scripts) survive intact. Default:
# treat $1 as a shell snippet via bash -c (needed for pipes/redirects/
# systemctl --user/etc.).
if [ -n "$argv_mode" ]; then
if [ -n "$silent_flag" ]; then
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" "$@" >/dev/null 2>&1
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" "$@" >/dev/null 2>&1
else
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" "$@"
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" "$@"
fi
else
local remote_command="$1"
if [ -n "$silent_flag" ]; then
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" bash -c "$remote_command" >/dev/null 2>&1
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" bash -c "$remote_command" >/dev/null 2>&1
else
sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" bash -c "$remote_command"
sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" bash -c "$remote_command"
fi
fi
}
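Review bot: The new `local run_cwd="/home/$CFG_DOCKER_INSTALL_USER"` assumes the install user's home exists under /home, and all four `sudo … env --chdir="$run_cwd"` calls now depend on it: if the directory is missing or the account's passwd home is elsewhere, `env` exits before the command runs, and in the two silent branches the message goes to /dev/null so only the exit status shows it. `--chdir` is also a GNU coreutils `env` option (8.28 and later), so an older or non-GNU `env` would reject it and fail every call. I would resolve the home from the account database and fall back to a directory any user can enter, e.g. `run_cwd="$(getent passwd "$CFG_DOCKER_INSTALL_USER" | cut -d: -f6)"` followed by `[ -d "$run_cwd" ] || run_cwd=/`. The function begins above the hunk, so the PATH entry visible at its top, which hard-codes /home the same way, may deserve the same treatment.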