From 3a0bcaccb6ae5a93a5a3bc3cfa33a4f9f97b0159 Mon Sep 17 00:00:00 2001 From: librelad Date: Sun, 24 May 2026 13:50:20 +0100 Subject: [PATCH] fix(rootless): run install-user commands from HOME, not the caller cwd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit dockerCommandRunInstallUser sudo's to the unprivileged docker install user but inherited the caller's cwd. At install time the caller is root in /root, which that user can't enter, so cwd-sensitive tools failed — e.g. 'find: Failed to change directory: /root' / 'Failed to restore initial working directory' during the app scan (the scan still worked via the absolute start path, but the errors are noise and could bite other commands). Add env --chdir to the install user's HOME for both the argv and shell exec paths so every runFileOp runs from a directory the user can access. Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- scripts/docker/command/docker_run_install.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/scripts/docker/command/docker_run_install.sh b/scripts/docker/command/docker_run_install.sh index 10158e1..5d57933 100755 --- a/scripts/docker/command/docker_run_install.sh +++ b/scripts/docker/command/docker_run_install.sh @@ -39,22 +39,27 @@ dockerCommandRunInstallUser() "PATH=/home/$CFG_DOCKER_INSTALL_USER/bin:/usr/bin:/bin:/usr/local/bin" ) + # Run from the install user's HOME, not the caller's cwd. At install time the + # caller is root in /root, which the unprivileged user can't enter, so + # cwd-sensitive tools error (e.g. find: "Failed to change directory: /root"). + local run_cwd="/home/$CFG_DOCKER_INSTALL_USER" + # --argv: exec the remaining args verbatim (no shell re-parse) so regex/ # quotes/backslashes in arguments (e.g. sed scripts) survive intact. Default: # treat $1 as a shell snippet via bash -c (needed for pipes/redirects/ # systemctl --user/etc.). if [ -n "$argv_mode" ]; then if [ -n "$silent_flag" ]; then - sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" "$@" >/dev/null 2>&1 + sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" "$@" >/dev/null 2>&1 else - sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" "$@" + sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" "$@" fi else local remote_command="$1" if [ -n "$silent_flag" ]; then - sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" bash -c "$remote_command" >/dev/null 2>&1 + sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" bash -c "$remote_command" >/dev/null 2>&1 else - sudo -u "$CFG_DOCKER_INSTALL_USER" env "${run_env[@]}" bash -c "$remote_command" + sudo -u "$CFG_DOCKER_INSTALL_USER" env --chdir="$run_cwd" "${run_env[@]}" bash -c "$remote_command" fi fi }