Commit 7dfd77a

langdon, sallyom and claude authored
fix(setup-podman): cd to TMPDIR before podman load to avoid cwd permission error (#39435)
* fix(setup-podman): cd to TMPDIR before podman load to avoid inherited cwd permission error

* fix(podman): safe cwd in run_as_user to prevent chdir errors

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Signed-off-by: sallyom <[email protected]>

---------

Signed-off-by: sallyom <[email protected]>
Co-authored-by: sallyom <[email protected]>
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
1 parent 5889a2e commit 7dfd77a

2 files changed

+8
-2
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -37,6 +37,7 @@ Docs: https://docs.openclaw.ai
3737
- Docs/browser: add a layered WSL2 + Windows remote Chrome CDP troubleshooting guide, including Control UI origin pitfalls and extension-relay bind-address guidance. (#39407) Thanks @Owlock.
3838
- Context engine registry/bundled builds: share the registry state through a `globalThis` singleton so duplicated bundled module copies can resolve engines registered by each other at runtime, with regression coverage for duplicate-module imports. (#40115) thanks @jalehman.
3939
- macOS/Tailscale gateway discovery: keep Tailscale Serve probing alive when other remote gateways are already discovered, prefer direct transport for resolved `.ts.net` and Tailscale Serve gateways, and set `TERM=dumb` for GUI-launched Tailscale CLI discovery. (#40167) thanks @ngutman.
40+
- Podman/setup: fix `cannot chdir: Permission denied` in `run_as_user` when `setup-podman.sh` is invoked from a directory the target user cannot access, by wrapping user-switch calls in a subshell that cd's to `/tmp` with `/` fallback. (#39435) Thanks @langdon and @jlcbk.
4041

4142
## 2026.3.7
4243
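
Review bot: The added entry at new line 40 describes only the `run_as_user` subshell change, while the commit subject reads "cd to TMPDIR before podman load"; neither this entry nor the setup-podman.sh hunk mentions `TMPDIR` or `podman load`. Reword the subject to match what is shipped, or extend the entry if the load path was meant to change as well. The entry also says "cd's to `/tmp`", which is a fixed path rather than the `TMPDIR` the subject names, so the two should agree on which one is intended.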

setup-podman.sh

Lines changed: 7 additions & 2 deletions
@@ -80,12 +80,17 @@ run_root() {
8080
}
8181

8282
run_as_user() {
83+
# When switching users, the caller's cwd may be inaccessible to the target
84+
# user (e.g. a private home dir). Wrap in a subshell that cd's to a
85+
# world-traversable directory so sudo/runuser don't fail with "cannot chdir".
86+
# TODO: replace with fully rootless podman build to eliminate the need for
87+
# user-switching entirely.
8388
local user="$1"
8489
shift
8590
if command -v sudo >/dev/null 2>&1; then
86-
sudo -u "$user" "$@"
91+
( cd /tmp 2>/dev/null || cd /; sudo -u "$user" "$@" )
8792
elif is_root && command -v runuser >/dev/null 2>&1; then
88-
runuser -u "$user" -- "$@"
93+
( cd /tmp 2>/dev/null || cd /; runuser -u "$user" -- "$@" )
8994
else
9095
echo "Need sudo (or root+runuser) to run commands as $user." >&2
9196
exit 1
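
Review bot: `cd /tmp` on new lines 91 and 93 makes a world-writable directory the working directory of every command run as the target user, so anything in `"$@"` that resolves relative paths or reads files from its cwd now looks in a location other local users can write to. `/` is just as traversable and is normally not world-writable, so `( cd / && sudo -u "$user" "$@" )` meets the goal stated in the new comment without that exposure. Separately, the `;` after `cd /tmp 2>/dev/null || cd /` means the command still runs from the inherited cwd if both `cd` calls fail; chaining with `&&` would surface that failure instead of reproducing the original error. The subshell is duplicated in both branches, so a small helper or a single `cd` before the `if` inside one subshell would keep them from drifting. Callers that pass relative paths to `run_as_user` should be checked, since those now resolve against the new cwd.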
