From 731431909077ae4e78a9ff022f728a5901d9c23d Mon Sep 17 00:00:00 2001
From: librelad
Date: Sun, 24 May 2026 14:44:02 +0100
Subject: [PATCH] fix(rootless): establish task-dir ownership with runSystem in setupTaskDir
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The dir-ownership chown used runFileOp (the unprivileged dir owner), which can't reclaim files a prior run left root/manager-owned — leaving a root-owned task_processor.log the daemon then couldn't append to. Use runSystem (root) so ownership is actually established.

Co-Authored-By: Claude Opus 4.7
Signed-off-by: librelad
---
 scripts/crontab/task/crontab_task_processor.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/crontab/task/crontab_task_processor.sh b/scripts/crontab/task/crontab_task_processor.sh
index 71bf9bc..c0713b1 100755
--- a/scripts/crontab/task/crontab_task_processor.sh
+++ b/scripts/crontab/task/crontab_task_processor.sh
@@ -143,8 +143,11 @@ setupTaskDir() {
 # it. Create-if-absent to keep a stable inode for flock across restarts.
 [[ -e "$LOCK_FILE" ]] || runFileOp install -m 666 /dev/null "$LOCK_FILE" 2>/dev/null
 runFileOp chmod 666 "$LOCK_FILE" 2>/dev/null
+ # Establish ownership with runSystem (root): the unprivileged dir owner can't
+ # reclaim files an earlier run left root/manager-owned (e.g. a root-owned
+ # task_processor.log), which would then block the daemon's log appends.
 if [[ -n "$docker_install_user" ]]; then
- runFileOp chown -R "$docker_install_user":"$docker_install_user" "$TASK_DIR" 2>/dev/null
+ runSystem chown -R "$docker_install_user":"$docker_install_user" "$TASK_DIR" 2>/dev/null
 fi
 }
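Review bot: The `runSystem chown -R` on the new side is a root-privileged recursive walk over a tree that, once this call succeeds, belongs to `$docker_install_user`, so every later run has root re-owning whatever that account has placed under `$TASK_DIR`. GNU chown does not follow symlinks under `-R` by default, but POSIX leaves that default unspecified, so the privileged step should state it explicitly and end option parsing: `runSystem chown -hR -- "$docker_install_user":"$docker_install_user" "$TASK_DIR"`. Separately, `2>/dev/null` with no status check means a failed runSystem leaves the root-owned log in place without any trace, which is the condition this commit sets out to remove; consider logging when the chown returns non-zero. The body of setupTaskDir begins above the hunk, so how `TASK_DIR` and `docker_install_user` are validated is not visible here.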