fix(install): make /docker traversable in the root-phase container layer
The previous commit handed /docker/containers to the container user but left /docker itself at initFolders' 750 (manager-only) during the install — so the container user couldn't traverse INTO /docker to reach its now-owned containers/, and the boot scan still hit "find: '/docker/containers/': Permission denied" (the dir's documented rootless mode is 751, but the reconcile that sets it runs later).

initContainerLayer now adds the o+x traversal bit to /docker (→ 751) alongside the containers/ handover, so the boot scan can both enter /docker and read containers/.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
parent 6ca52f9f98
commit ebab6accb5
init.sh (8 changed lines)
@ -859,13 +859,19 @@ initContainerLayer()
isSuccessful "Created container user '$duser'."
fi
# /docker is manager-owned and initFolders makes it 750; give it the rootless
# traversal bit (o+x → 751, its documented rootless mode) so the container
# user can traverse INTO /docker to reach its containers/ dir. Without this
# the boot scan can't enter /docker at all, no matter who owns containers/.
[[ -d "$docker_dir" ]] && sudo chmod o+x "$docker_dir"
# Hand containers/ to the container user (it owns per-app data in rootless) so
# the manager-run startup config scans can read it. 751: owner full; the
# manager (other) can traverse in to known paths (it lists/writes via runFileOp).
if [[ -d "$containers_dir" ]]; then
sudo chown "$duser:$duser" "$containers_dir"
sudo chmod 751 "$containers_dir"
isSuccessful "containers/ handed to '$duser'."
isSuccessful "containers/ handed to '$duser' (+ /docker traversable)."
fi
}
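Review bot: the new `[[ -d "$docker_dir" ]] && sudo chmod o+x "$docker_dir"` line adds a relative bit rather than setting the mode the comment promises, so /docker only ends up at 751 if initFolders really left it at 750; a /docker that already existed with some other mode (from an earlier install, say) keeps its other bits and merely gains x. Since both the comment and the commit message name 751 as the documented rootless mode, and the containers/ line below already uses the absolute form `sudo chmod 751 "$containers_dir"`, consider `sudo chmod 751 "$docker_dir"` here as well, which also makes the result independent of whether the later reconcile has run. A smaller point: the updated `isSuccessful "containers/ handed to '$duser' (+ /docker traversable)."` message is printed inside the `[[ -d "$containers_dir" ]]` branch, so it reports /docker as traversable even when `$docker_dir` did not exist and the chmod was skipped; either gate that wording on the chmod having run or give the /docker step its own isSuccessful line.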