fix: prepare runs volume before dropping privileges

2026-05-17 05:11:20 +02:00
parent f3c9331718
commit c2d572e6f5
2 changed files with 19 additions and 1 deletions
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eu
+
+mkdir -p /app/runs/memory/cold
+
+if chown -R node:node /app/runs 2>/dev/null; then
+  exec su-exec node "$@"
+fi
+
+if su-exec node sh -c 'test -w /app/runs && test -w /app/runs/memory'; then
+  exec su-exec node "$@"
+fi
+
+echo "[entrypoint] WARNING: /app/runs is not writable by user node; starting as root for this bind mount." >&2
+exec "$@"