Recursive chown in container entrypoint breaks on read-only volumes #2104
Labels
enhancement
New feature or request
Comments
|
Made chown gracefully fail and move on.
Edit. That other bug report needs investigation. #2103 |
|
Thank you! I appreciate the quick fix. |
|
FWIW, I can confirm the fix works! Listmonk now runs again with both read-only volumes and rootless Podman. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First of all, thank you so much for all of your work on Listmonk! I know maintaining an open source project like this isn't easy.
Is your feature request related to a problem? Please describe.
When I attempted to upgrade from the Listmonk 3 container to 4, the recursive
chownin entrypoint.sh is erroring (with "Read-only filesystem" for each file accessed). This is because I'm using read-only volumes for both the Listmonk configuration file and static files. That's for security purposes; it's generally best practice to give a container the minimum ability to alter files on the host, just on the off chance the container becomes compromised.Side note: The
chownis also triggering "Operation not permitted" errors on other container files because I'm running the container in rootless Podman, which worked fine with Listmonk 3. I totally understand if this is not a supported use case with Listmonk, but I thought I should mention it as well. (I've tried various permutations of setting PUID and PGID, but that hasn't helped.)Describe the solution you'd like
I have two ideas for "fixes":
chown, maybe just check that files have the correct permissions and error if they don't (without modifying their permissions).chownentirely.The text was updated successfully, but these errors were encountered: