Fix UID/GID mismatch and SSH key permissions in container

- Entrypoint now runs as root to remap the container's claude user
  UID/GID to match the host user, fixing bind mount permission errors
  on WSL
- SSH keys are mounted read-only to a staging path (/tmp/.host-ssh)
  and copied to ~/.ssh with correct permissions by the entrypoint
- Exec sessions explicitly run as the claude user
- Host UID/GID detected automatically and passed as env vars

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 04:36:01 +00:00
parent 97a0745ead
commit 625260b060
4 changed files with 64 additions and 20 deletions


@@ -49,6 +49,21 @@ pub async fn create_container(
let mut env_vars: Vec<String> = Vec::new();
// Pass host UID/GID so the entrypoint can remap the container user
#[cfg(unix)]
{
let uid = std::process::Command::new("id").arg("-u").output();
let gid = std::process::Command::new("id").arg("-g").output();
if let Ok(out) = uid {
let val = String::from_utf8_lossy(&out.stdout).trim().to_string();
env_vars.push(format!("HOST_UID={}", val));
}
if let Ok(out) = gid {
let val = String::from_utf8_lossy(&out.stdout).trim().to_string();
env_vars.push(format!("HOST_GID={}", val));
}
}
if let Some(key) = api_key {
env_vars.push(format!("ANTHROPIC_API_KEY={}", key));
}
@@ -82,10 +97,10 @@ pub async fn create_container(
},
];
// SSH keys mount (read-only)
// SSH keys mount (read-only staging; entrypoint copies to ~/.ssh with correct perms)
if let Some(ref ssh_path) = project.ssh_key_path {
mounts.push(Mount {
target: Some("/home/claude/.ssh".to_string()),
target: Some("/tmp/.host-ssh".to_string()),
source: Some(ssh_path.clone()),
typ: Some(MountTypeEnum::BIND),
read_only: Some(true),
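Review bot: In the first hunk (the `#[cfg(unix)]` block right after `let mut env_vars`), the exit status of `id -u` / `id -g` is never checked, so a failing `id` still pushes `HOST_UID=` / `HOST_GID=` with whatever stdout it produced (possibly empty), and that string is forwarded verbatim to an entrypoint that, per the commit message, runs as root. Gate each push on `out.status.success()` and on the trimmed value parsing as a `u32`, so the remap step only ever sees a numeric id or no variable at all; the two near-identical branches then collapse into one loop over `("-u", "HOST_UID")` and `("-g", "HOST_GID")`. Omitting the variables when `id` is unavailable may be the intended fallback, but a diagnostic message at that point would make the resulting bind-mount permission error traceable — I cannot see from here how the entrypoint behaves when they are absent. `create_container` starts and ends outside these hunks.

```rust
let mut env_vars: Vec<String> = Vec::new();
// Pass host UID/GID so the entrypoint can remap the container user.
// Only forward a value that `id` actually succeeded in producing and that is a
// plain decimal id; the entrypoint consumes it as root, so nothing else should reach it.
#[cfg(unix)]
{
    for (flag, name) in [("-u", "HOST_UID"), ("-g", "HOST_GID")] {
        if let Ok(out) = std::process::Command::new("id").arg(flag).output() {
            let val = String::from_utf8_lossy(&out.stdout).trim().to_string();
            if out.status.success() && val.parse::<u32>().is_ok() {
                env_vars.push(format!("{}={}", name, val));
            } else {
                eprintln!("warning: could not determine host id via `id {}`; skipping {}", flag, name);
            }
        }
    }
}
// … unchanged: ANTHROPIC_API_KEY handling …
```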


@@ -72,6 +72,7 @@ impl ExecSessionManager {
attach_stderr: Some(true),
tty: Some(true),
cmd: Some(cmd),
user: Some("claude".to_string()),
working_dir: Some("/workspace".to_string()),
..Default::default()
},
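Review bot: `user: Some("claude".to_string())` hard-codes the container username as a bare literal, the same name that `create_container` embeds in its mount paths (`/home/claude/.ssh` on the replaced line of the other file); a shared `pub const CONTAINER_USER: &str = "claude";` used in both places would keep the exec user and the home-directory paths from drifting apart. Since the commit message states the entrypoint now runs as root, a one-line comment on the new field would also stop a later reader from dropping it as redundant, e.g. `// Entrypoint runs as root for the UID/GID remap; exec sessions must drop back to the unprivileged user.` — any other exec path in this manager that omits `user` would presumably inherit root, which is worth checking outside this hunk. The enclosing `impl ExecSessionManager` method starts and ends outside the hunk.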