Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(agent/agentcontainers): chown coder binary #18611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 26, 2025
Merged

fix(agent/agentcontainers): chown coder binary #18611

merged 3 commits into from
Jun 26, 2025
+11 −0

Conversation

DanielleMaywood
Copy link
Contributor

No description provided.

@DanielleMaywood DanielleMaywood requested a review from Copilot June 26, 2025 15:27
Copilot
Copilot AI reviewed Jun 26, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a chown step to ensure the coder binary inside the container is owned by the container user, and updates tests to expect this new step.

  • Inject a chown ExecAs call in maybeInjectSubAgentIntoContainerLocked to set binary ownership.
  • Add matching mocked ExecAs(... chown ...) expectations in multiple tests.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
agent/agentcontainers/api.go Insert a shell-based chown call to set ownership on the agent binary
agent/agentcontainers/api_test.go Add mocked ExecAs expectations for the chown call in tests
Comments suppressed due to low confidence (1)

agent/agentcontainers/api.go:1445

  • [nitpick] The comment mentions ensuring the binary is executable, but this block actually changes ownership via chown. Consider updating the comment to reflect setting ownership (e.g., "Ensure the agent binary is owned by the container user").
	// Make sure the agent binary is executable so we can run it.

@DanielleMaywood DanielleMaywood marked this pull request as ready for review June 26, 2025 15:37
@DanielleMaywood DanielleMaywood requested a review from mafredri June 26, 2025 15:38
@DanielleMaywood DanielleMaywood merged commit 5ae320e into main Jun 26, 2025
36 checks passed
@DanielleMaywood DanielleMaywood deleted the danielle/maybe-fix-devcontainer branch June 26, 2025 15:42
mafredri
mafredri approved these changes Jun 26, 2025
View reviewed changes
agent/agentcontainers/api.go
// Make sure the agent binary is executable so we can run it.
if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "/bin/sh", "-c", fmt.Sprintf("chown $(id -u):$(id -g) %s", coderPathInsideContainer)); err != nil {
return xerrors.Errorf("set agent binary ownership: %w", err)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to chown the folder as well or not?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It worked for me without

agent/agentcontainers/api.go
@@ -1442,6 +1442,11 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c
return xerrors.Errorf("set agent binary executable: %w", err)
}

// Make sure the agent binary is executable so we can run it.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Make sure the agent binary is executable so we can run it.
// Make sure the agent binary is owned by a valid user so we can run it.

Perhaps?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, just hit the green button as you replied 🤦‍♀️ Second time I've done this 😅

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've got another PR up so I'll add add the change to that PR, I need to be a little less quick on merging

@github-actions github-actions bot locked and limited conversation to collaborators Jun 26, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@johnstcn johnstcn johnstcn approved these changes

Copilot code review Copilot Copilot left review comments

@mafredri mafredri mafredri approved these changes

Assignees

@DanielleMaywood DanielleMaywood

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DanielleMaywood @mafredri @johnstcn