
Commit 37d2f91

Merge pull request #8 from spacedock-dev/fix/dab-compose-run-as-root
fix(dab): run main compose service as root (0:0)
2 parents f5914db + ce65a4c commit 37d2f91

2 files changed

Lines changed: 23 additions & 0 deletions


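--- a/packages/razorback-plugin-dab/src/razorback_plugin_dab/generate/compose.py
+++ b/packages/razorback-plugin-dab/src/razorback_plugin_dab/generate/compose.py
@@ -153,6 +153,13 @@ def generate_compose(
 main_service: dict[str, Any] = {
 "image": docker_image,
 "working_dir": container_workdir,
+# Run as root. Harbor's codex runtime pre-creates root-owned
+# /logs/agent and $CODEX_HOME during setup, then runs the agent as the
+# image's default USER. dab-agent:latest ships USER exedev (non-root),
+# so the agent cannot write those dirs and codex aborts with
+# "Permission denied (os error 13)". ade-bench's images run as root and
+# never hit this; pin main to root to match.
+"user": "0:0",
 "networks": ["dab-net"] if networks_used else [],
 }
 if main_file_volumes: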
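Review bot: Pinning `"user": "0:0"` makes every agent run execute as root inside the main container, unconditionally, in order to reach two root-owned directories. The narrower fix is to hand ownership of /logs/agent and $CODEX_HOME to the image's default user during setup, although the comment suggests that step belongs to Harbor rather than to this generator, so that needs confirming. If root has to stay, the same dict can carry compensating limits such as `"security_opt": ["no-new-privileges:true"],` and `"cap_drop": ["ALL"],`, provided the agent needs no capability beyond writing directories it already owns, which is not visible here. The `if main_file_volumes:` line just below suggests host paths are mounted into this service, and without user-namespace remapping anything written there will be owned by uid 0 on the host. generate_compose starts and ends outside the hunk, so hardening applied elsewhere in the function would not show up in this view.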

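--- a/packages/razorback-plugin-dab/tests/unit/test_compose_postgres.py
+++ b/packages/razorback-plugin-dab/tests/unit/test_compose_postgres.py
@@ -63,6 +63,22 @@ def test_sqlite_does_not_spawn_service(tmp_path: Path):
 assert "dab-sqlite" not in compose["services"]
 
 
+def test_main_service_runs_as_root(tmp_path: Path):
+# The codex runtime's setup (run as root) pre-creates root-owned
+# /logs/agent and $CODEX_HOME, then harbor runs the agent as the image's
+# default USER. dab-agent:latest is USER exedev (non-root), so the agent
+# cannot write those dirs -> codex aborts with "Permission denied
+# (os error 13)". Pin the main service to root so it can write them,
+# matching the root images ade-bench runs successfully.
+compose_text = generate_compose(
+db_config=_BOOKREVIEW_LIKE,
+dataset_name="bookreview",
+data_root=tmp_path,
+)
+compose = yaml.safe_load(compose_text)
+assert compose["services"]["main"]["user"] == "0:0"
+
+
 def test_dab_net_declared(tmp_path: Path):
 compose_text = generate_compose(
 db_config=_BOOKREVIEW_LIKE,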
