Merge claude/2

librelad 2026-05-23 22:24:43 +01:00
commit caa197f2fa
2 changed files with 32 additions and 13 deletions


@ -35,12 +35,21 @@ dockerConfigSetupFileWithData()
# UID (was 1001) breaks wherever that user's UID differs — the
# container dies with EACCES on first write and never binds its port.
# No-op for compose files without a USER_TAG.
local container_user="${docker_install_user:-$sudo_user_name}"
local install_uid install_gid
install_uid=$(id -u "$container_user" 2>/dev/null)
install_gid=$(id -g "$container_user" 2>/dev/null)
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
# Rootless: the daemon runs as the install user, so container UID 0
# maps to it on the host — it owns the bind-mounts and the rootless
# socket. Using the host UID instead lands on an unmapped sub-UID
# (EACCES on writes; and group_add then calls setgroups() with a
# sub-GID outside the userns → EINVAL, container won't start).
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "0:0"
else
local container_user="${docker_install_user:-$sudo_user_name}"
local install_uid install_gid
install_uid=$(id -u "$container_user" 2>/dev/null)
install_gid=$(id -g "$container_user" 2>/dev/null)
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
fi
fi
tagsProcessorPasswordAndKeyGeneration "$full_file_path"
tagsProcessorRandomUserGeneration "$full_file_path"
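Review bot: The rootless branch writes `0:0` into USER_TAG for every compose file that carries the tag, so each of those services now runs as in-container root with the image's default capability set, and nothing in this hunk narrows that. Host impact is bounded by the user-namespace mapping the comment describes, but in-container root can still read and rewrite everything under the bind-mounts owned by the install user. I would record that next to the assignment, e.g. `# NOTE: in-container root; templates using USER_TAG should set cap_drop and no-new-privileges where the app allows`, and confirm the templates do so. Separately, in the else branch a failed `id` lookup is silenced by `2>/dev/null` and leaves USER_TAG unsubstituted without any log line. The enclosing function starts and ends outside the hunk.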


@ -26,15 +26,25 @@ tagsProcessorSocketConfiguration()
if [[ -n "$socket_path" ]]; then
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_TAG" "${socket_path}:${socket_path}"
# Resolve the socket's group GID so the (non-root) container user
# can connect via group_add. Without this, the socket is owned
# root:docker mode 660 and a non-member UID sees EACCES.
# Resolve the socket's group GID so the container can connect via
# group_add.
local socket_gid=""
if [[ -S "$socket_path" ]]; then
socket_gid=$(stat -c '%g' "$socket_path" 2>/dev/null)
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
# Rootless: container runs as UID 0 = the install user = socket
# owner, so inside the userns the socket's group is root (0). The
# host shows a high sub-GID (e.g. 166528); using that would make
# group_add call setgroups() with a GID outside the userns → EINVAL
# and the container fails to start.
socket_gid=0
else
# Rooted: socket is owned root:docker mode 660, so a non-member UID
# needs the docker group via group_add or it sees EACCES.
if [[ -S "$socket_path" ]]; then
socket_gid=$(stat -c '%g' "$socket_path" 2>/dev/null)
fi
[[ -z "$socket_gid" ]] && socket_gid=$(getent group docker 2>/dev/null | cut -d: -f3)
[[ -z "$socket_gid" ]] && socket_gid="999"
fi
[[ -z "$socket_gid" ]] && socket_gid=$(getent group docker 2>/dev/null | cut -d: -f3)
[[ -z "$socket_gid" ]] && socket_gid="999"
tagsManagerUpdateUniversalTag "$full_file_path" "SOCKET_GID_TAG" "$socket_gid"
fi
}
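Review bot: The rootless branch sets `socket_gid=0` on the assumption that the container runs as UID 0, but that only holds for compose files whose user comes from USER_TAG (set to `0:0` in the other file of this commit). A template that mounts the socket with a fixed non-root `user:` would get the root group via group_add and may still fail to open the socket, depending on its mode. I would state the dependency in the comment, e.g. `# Relies on USER_TAG being 0:0 in rootless mode; see dockerConfigSetupFileWithData`. Any service with SOCKET_TAG now gets in-container root plus the daemon socket, which amounts to control of the install user's Docker daemon, so that set of templates should stay small and reviewed. In the rooted branch the final `socket_gid="999"` fallback is a guess that can land on an unrelated host group, and a log line when it is used would make that visible; the function begins before the hunk.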