babbarc/workspaces
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: adapt strict directory permissions for container $HOME folder

Browse Source
This commit is contained in:
yeti 2025-05-16 14:24:23 +01:00
parent ad7413a0ef
commit 60eac985e6
1 changed files with 4 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
build-workspace.sh
View File

@ -20,32 +20,16 @@ buildah run "$ctr" -- bash -c "\
buildah add "$ctr" home.tar.gz $DEV_HOME
# configure lazyvim
# shellcheck disable=SC2016
buildah run --user "$DEV_USER" "$ctr" -- fish -c '
buildah run "$ctr" -- fish -c '
set -gx HOME '"$DEV_HOME"';
ssh-keyscan -p 2222 10.88.0.1 >> $HOME/.ssh/known_hosts;
ssh-keyscan -p 22 github.com >> $HOME/.ssh/known_hosts;
chown -R '"$DEV_USER"':'"$DEV_USER"' $HOME/.local $HOME/.config/fish/completions \
$HOME/.config/fish/functions $HOME/.config/fish/fish_variables;
chown '"$DEV_USER"':'"$DEV_USER"' $HOME/.config/tmux;
'
# lock the files
buildah run "$ctr" -- bash -c "\
chmod 750 $DEV_HOME/start.sh \
$DEV_HOME/.config/lazygit/config.yml \
$DEV_HOME/.config/nvim/lua/config/lazy.lua \
$DEV_HOME/.config/nvim/init.lua \
$DEV_HOME/.config/nvim/README.md \
$DEV_HOME/.config/nvim/LICENSE \
$DEV_HOME/.config/tmux/tmux.conf && \
chown root:secproc $DEV_HOME/start.sh \
$DEV_HOME/.config/lazygit/config.yml \
$DEV_HOME/.config/nvim/lua/config/lazy.lua \
$DEV_HOME/.config/nvim/init.lua \
$DEV_HOME/.config/nvim/README.md \
$DEV_HOME/.config/nvim/LICENSE \
$DEV_HOME/.config/tmux/tmux.conf
"
buildah config \
--user $DEV_USER \
--workingdir /app \