From 60eac985e6aa2c08221f206ed1f6423bc28cbedf Mon Sep 17 00:00:00 2001
From: yeti
Date: Fri, 16 May 2025 14:24:23 +0100
Subject: [PATCH] feat: adapt strict directory permissions for container $HOME folder
---
 build-workspace.sh | 24 ++++--------------------
 1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/build-workspace.sh b/build-workspace.sh
index 6a67386..4152c4d 100755
--- a/build-workspace.sh
+++ b/build-workspace.sh
@@ -20,32 +20,16 @@ buildah run "$ctr" -- bash -c "\
 buildah add "$ctr" home.tar.gz $DEV_HOME
-# configure lazyvim
 # shellcheck disable=SC2016
-buildah run --user "$DEV_USER" "$ctr" -- fish -c '
+buildah run "$ctr" -- fish -c '
 set -gx HOME '"$DEV_HOME"';
 ssh-keyscan -p 2222 10.88.0.1 >> $HOME/.ssh/known_hosts;
 ssh-keyscan -p 22 github.com >> $HOME/.ssh/known_hosts;
+ chown -R '"$DEV_USER"':'"$DEV_USER"' $HOME/.local $HOME/.config/fish/completions \
+ $HOME/.config/fish/functions $HOME/.config/fish/fish_variables;
+ chown '"$DEV_USER"':'"$DEV_USER"' $HOME/.config/tmux;
 '
-# lock the files
-buildah run "$ctr" -- bash -c "\
- chmod 750 $DEV_HOME/start.sh \
- $DEV_HOME/.config/lazygit/config.yml \
- $DEV_HOME/.config/nvim/lua/config/lazy.lua \
- $DEV_HOME/.config/nvim/init.lua \
- $DEV_HOME/.config/nvim/README.md \
- $DEV_HOME/.config/nvim/LICENSE \
- $DEV_HOME/.config/tmux/tmux.conf && \
- chown root:secproc $DEV_HOME/start.sh \
- $DEV_HOME/.config/lazygit/config.yml \
- $DEV_HOME/.config/nvim/lua/config/lazy.lua \
- $DEV_HOME/.config/nvim/init.lua \
- $DEV_HOME/.config/nvim/README.md \
- $DEV_HOME/.config/nvim/LICENSE \
- $DEV_HOME/.config/tmux/tmux.conf
-"
-
 buildah config \
 --user $DEV_USER \
 --workingdir /app \
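Review bot: The fish block joins its commands with `;`, so a failed `ssh-keyscan` or a failed `chown -R` does not fail the `buildah run` step; fish reports only the status of the last command, and the image can be produced with ownership that was never applied. Because this step now runs as root and appears to be where these paths are handed to the dev user, chain the steps so any failure propagates, for example by starting each follow-on command with `and`: `and chown '"$DEV_USER"':'"$DEV_USER"' $HOME/.config/tmux;`. Separately, making the dev user the owner of the `$HOME/.config/tmux` directory lets that user delete and recreate `tmux.conf` even if the file itself is root-owned. If the file is still meant to be locked the way the removed `chmod 750` / `chown root:secproc` block did, that depends on the ownership and modes carried in `home.tar.gz`, which this hunk does not show and is worth confirming.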