fix(images): fix Docker auto-start and default user in base image #9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Two issues were discovered during manual testing with Apple Containerization: 1. Docker service not starting automatically: - `systemctl enable docker` was called before the systemd cleanup step - The cleanup step deleted all symlinks in multi-user.target.wants/ - Moved the enable command to after the cleanup to preserve the symlink 2. Container failing to start without `-u root`: - The Dockerfile set `USER developer` as the default - systemd must run as root (PID 1) - Removed the USER directive since agents need full control anyway Tested with Apple Containerization Framework - both fixes verified working. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add hadolint ignore for DL3002 (USER root is intentional for systemd) - Consolidate consecutive RUN instructions (DL3059) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
jmgilman
added a commit
that referenced
this pull request
Jan 3, 2026
Current behavior: Docker service was not starting automatically due to systemctl enable being called before cleanup step that removed symlinks, and container was defaulting to developer user which prevented systemd from running as PID 1 New behavior: Docker systemctl enable is now called after systemd cleanup to preserve symlinks, container runs as root by default to support systemd and agent operations, and hadolint warnings are resolved with proper ignores and consolidated RUN instructions Closes: #9
This was referenced Jan 3, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
systemctl enable dockerto after systemd cleanupUSER developerdirective (systemd requires root)Background
During manual functional testing of the base image with Apple Containerization Framework, two issues were discovered:
Docker not starting automatically: The
systemctl enable dockercommand was placed before the systemd cleanup step, which deleted all symlinks inmulti-user.target.wants/, including the Docker service symlink.Container failing to start: The Dockerfile defaulted to
USER developer, but systemd must run as root (PID 1). When Apple Containerization respects the USER directive, systemd would fail immediately.Changes
systemctl enable dockerto after the systemd cleanup step (line 315)USER $USERNAMEdirective - container now runs as root by defaultTest plan
docker buildcontainer image load-u rootflagdocker run,docker build,docker compose)🤖 Generated with Claude Code