fix(spawner): stage jail spawn files under daemon-owned home, not /var/run #136

Merged

clawdie merged 1 commit from stage-under-daemon-home into main

2026-06-21 17:38:05 +02:00

clawdie commented

2026-06-21 17:37:54 +02:00

Owner

Closes #135 — the structural cleanup follow-up to the jail-spawn EACCES fixes (#131, #134).

Problem. The daemon stages per-spawn launch.sh/env.sh under the jail root, but the old location /var/run/colibri-stage is root-owned, so the daemon (running as clawdie) can't create per-spawn subdirs there. #134 worked around it by pre-creating the dir in agent-jail-bootstrap.sh, leaving the daemon dependent on an external provisioning step into a root-owned tree (and /var/run can be tmpfs/cleared on boot).

Change. Default staging root moves to the daemon user's home — /home/clawdie/.cache/colibri/stage — which clawdie owns by construction of the jail account. create_dir_all now succeeds with no privileged pre-creation step, and /home is persistent. Path is overridable via COLIBRI_JAIL_STAGE_DIR, matching the daemon's other env-configurable paths.

spawner.rs: const STAGED_JAIL_RUN_DIR → staged_jail_run_dir() resolver; unit test updated.
agent-jail-bootstrap.sh: drop the now-unnecessary install -d staging block + DAEMON_USER var (the #134 workaround).
docs: jailed-spawn design + truss analysis updated to the new location.

Verified: cargo clippy -p colibri-daemon clean; spawner suite green (21 tests, incl. the staged-spawn test against the new path); sh -n clean; touched docs pass the markdown gate.

One thing for Hermes to confirm on osa: this assumes the jail's /home/clawdie is owned by clawdie (true when the jail account is created with pw useradd -m). After pulling, re-run a jailed spawn-agent to confirm staging lands under ~/.cache/colibri/stage — and the old chmod 777//var/run workaround can be dropped.

🤖 Generated with Claude Code

Closes #135 — the structural cleanup follow-up to the jail-spawn EACCES fixes (#131, #134). **Problem.** The daemon stages per-spawn `launch.sh`/`env.sh` under the jail root, but the old location `/var/run/colibri-stage` is root-owned, so the daemon (running as `clawdie`) can't create per-spawn subdirs there. #134 worked around it by pre-creating the dir in `agent-jail-bootstrap.sh`, leaving the daemon dependent on an external provisioning step into a root-owned tree (and `/var/run` can be tmpfs/cleared on boot). **Change.** Default staging root moves to the daemon user's home — `/home/clawdie/.cache/colibri/stage` — which `clawdie` owns by construction of the jail account. `create_dir_all` now succeeds with **no privileged pre-creation step**, and `/home` is persistent. Path is overridable via `COLIBRI_JAIL_STAGE_DIR`, matching the daemon's other env-configurable paths. - `spawner.rs`: `const STAGED_JAIL_RUN_DIR` → `staged_jail_run_dir()` resolver; unit test updated. - `agent-jail-bootstrap.sh`: drop the now-unnecessary `install -d` staging block + `DAEMON_USER` var (the #134 workaround). - docs: jailed-spawn design + truss analysis updated to the new location. **Verified:** `cargo clippy -p colibri-daemon` clean; spawner suite green (21 tests, incl. the staged-spawn test against the new path); `sh -n` clean; touched docs pass the markdown gate. **One thing for Hermes to confirm on osa:** this assumes the jail's `/home/clawdie` is owned by `clawdie` (true when the jail account is created with `pw useradd -m`). After pulling, re-run a jailed `spawn-agent` to confirm staging lands under `~/.cache/colibri/stage` — and the old `chmod 777`/`/var/run` workaround can be dropped. 🤖 Generated with Claude Code

clawdie added 1 commit 2026-06-21 17:37:58 +02:00

fix(spawner): stage jail spawn files under daemon-owned home, not /var/run

CI / markdown (pull_request) Has been cancelled

Details

CI / port (pull_request) Has been cancelled

Details

CI / agent-jail-pkgs (pull_request) Has been cancelled

Details

CI / rust (pull_request) Has been cancelled

Details

a7565c49ad

Closes #135. The daemon stages per-spawn launch.sh/env.sh under the jail root;
the previous location /var/run/colibri-stage is root-owned, so the daemon
(running as clawdie) could not create per-spawn subdirs there — the second
jail-spawn EACCES, worked around in #134 by pre-creating the dir in
agent-jail-bootstrap.sh.

Move the default staging root to the daemon user's home,
/home/clawdie/.cache/colibri/stage, which clawdie owns by construction of the
jail account. create_dir_all now succeeds with no privileged pre-creation step,
and /home is persistent (unlike a tmpfs /var/run). The path is overridable via
COLIBRI_JAIL_STAGE_DIR, matching the daemon's other env-configurable paths.

- spawner.rs: const → staged_jail_run_dir() resolver; updated unit test.
- agent-jail-bootstrap.sh: drop the now-unnecessary install -d staging block
  and DAEMON_USER var (the #134 workaround).
- docs: update jailed-spawn design + truss analysis to the new location.

clippy clean; spawner suite green (21 tests); sh -n clean; touched docs pass
the markdown gate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>