fix(vm): make /sandbox chown non-fatal for virtiofs rootless hosts #1389
Merged
Conversation
On Linux non-root hosts, virtiofs maps guest root to the host user, so chown inside the VM is denied. This causes the init script to abort under set -e, preventing the sandbox from starting. Make the chown best-effort: if it fails, log a warning and continue. The supervisor's own filesystem preparation handles ownership for the paths that matter, so the sandbox works correctly without it. This is a pragmatic workaround — anything that would break due to the failed chown will still break, just later and with a clearer error rather than a cryptic boot failure. In practice the sandbox functions normally because the supervisor sets up its own working directories.

Signed-off-by: Russell Bryant <russell.bryant@gmail.com>
Contributor
Author
This is admittedly a hack on top of a hack. It unblocked my testing and I no longer hit errors, but I think this will need to be revisited at some point.
drew (Collaborator) approved these changes on May 14, 2026 and left a comment:
Agree it's a hack.
I'm good merging this to keep you unblocked.
I'm working on a fairly large change to how storage here works, preferring instead to unpack the requested sandbox image inside the guest VM onto a per-sandbox overlay disk.
Summary

On Linux non-root hosts, virtiofs maps guest root to the host user, so `chown` inside the VM is denied. This causes the init script to abort under `set -e`, preventing the sandbox from starting. Make the chown best-effort so the VM boots successfully.

Related Issue

The `/sandbox` ownership fix was added in #1176 for macOS hosts where guest root has real root privileges (Hypervisor.framework) and chown succeeds. This PR extends it to handle the Linux non-root case where chown is denied.

Changes

- Make `chown -R /sandbox` non-fatal: suppress stderr and log a warning on failure instead of aborting.

This is a pragmatic workaround — anything that would break due to the failed chown will still break, just later and with a clearer error rather than a cryptic boot failure. In practice the sandbox functions normally because the supervisor sets up its own working directories.

Testing

- `mise run pre-commit` passes
- `chown /sandbox denied (virtiofs rootless host), continuing`

Checklist
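The best-effort pattern the PR describes, written out as an added example rather than the project's own init script: under `set -e` a failing `chown` aborts the script, so the call is wrapped to log and return 0, and an explicit writability probe is added so that the "breaks later" case the description mentions surfaces as an early, clear error instead. The `/sandbox` path comes from the PR; the owner `1000:1000` and the probe-file approach are assumptions.

```shell
#!/bin/sh
# Added example, not the project's own init script: best-effort chown under
# `set -e`, followed by an explicit writability check so a real problem fails
# early and clearly instead of as a cryptic boot failure.
set -eu

SANDBOX_DIR="${SANDBOX_DIR:-/sandbox}"        # path from the PR
SANDBOX_OWNER="${SANDBOX_OWNER:-1000:1000}"   # assumed uid:gid (hypothetical)

# Under `set -e`, a bare `chown` returning non-zero aborts the whole script.
# Handling the failure branch and always returning 0 makes it best-effort:
# on a rootless virtiofs host the EPERM is logged and boot continues.
best_effort_chown() {
    dir=$1
    owner=$2
    if chown -R "$owner" "$dir" 2>/dev/null; then
        return 0
    fi
    echo "chown $dir denied (virtiofs rootless host), continuing" >&2
    return 0
}

# The chown no longer guards anything, so verify the property that actually
# matters: the directory must be writable by this process. Returns 1 with a
# clear message if it is not (e.g. the directory does not exist).
check_writable() {
    dir=$1
    probe="$dir/.write-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    echo "error: $dir is not writable by uid $(id -u); sandbox cannot start" >&2
    return 1
}

# What an init script would call: chown is best-effort, the writability
# check is not. Arguments default to the values above.
sandbox_prepare() {
    best_effort_chown "${1:-$SANDBOX_DIR}" "${2:-$SANDBOX_OWNER}"
    check_writable "${1:-$SANDBOX_DIR}"
}
```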