fix(setup-podman): cd to TMPDIR before podman load to avoid cwd permission error (#39435)

* fix(setup-podman): cd to TMPDIR before podman load to avoid inherited cwd permission error

* fix(podman): safe cwd in run_as_user to prevent chdir errors

Co-Authored-By: Claude Opus 4.6  <noreply@anthropic.com>
Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
langdon
2026-03-08 17:32:08 -04:00
committed by GitHub
parent 5889a2e98e
commit 7dfd77abeb
2 changed files with 8 additions and 2 deletions


@@ -80,12 +80,17 @@ run_root() {
}
run_as_user() {
# When switching users, the caller's cwd may be inaccessible to the target
# user (e.g. a private home dir). Wrap in a subshell that cd's to a
# world-traversable directory so sudo/runuser don't fail with "cannot chdir".
# TODO: replace with fully rootless podman build to eliminate the need for
# user-switching entirely.
local user="$1"
shift
if command -v sudo >/dev/null 2>&1; then
sudo -u "$user" "$@"
( cd /tmp 2>/dev/null || cd /; sudo -u "$user" "$@" )
elif is_root && command -v runuser >/dev/null 2>&1; then
runuser -u "$user" -- "$@"
( cd /tmp 2>/dev/null || cd /; runuser -u "$user" -- "$@" )
else
echo "Need sudo (or root+runuser) to run commands as $user." >&2
exit 1