diff --git a/infra/start.sh b/infra/start.sh
index 9eb8a34..6d9b0cf 100755
--- a/infra/start.sh
+++ b/infra/start.sh
@@ -60,37 +60,26 @@ EOF
 echo "[hiy] Generated proxy/caddy.json for ${DOMAIN_SUFFIX}"
 # ── Ensure Podman socket is active ────────────────────────────────────────────
-# /run/user/ is created by PAM/logind; it doesn't exist in non-login
-# shells. Unconditionally redirect all Podman runtime state to /tmp so we
-# never depend on logind, regardless of what XDG_RUNTIME_DIR was set to
-# by the calling environment.
-_HIY_RUNTIME="/tmp/podman-$(id -u)"
-mkdir -p "$_HIY_RUNTIME"
-export XDG_RUNTIME_DIR="$_HIY_RUNTIME"
+# Podman rootless resets XDG_RUNTIME_DIR to /run/user/ if that directory
+# exists (regardless of what the caller set). So we must ensure that directory
+# exists and is writable by the current user — this is normally done by
+# PAM/logind but doesn't happen in non-login shells.
+_HIY_XDG="/run/user/$(id -u)"
+if [ ! -d "$_HIY_XDG" ]; then
+  sudo mkdir -p "$_HIY_XDG"
+fi
+if [ ! -w "$_HIY_XDG" ]; then
+  sudo chown "$(id -u):$(id -g)" "$_HIY_XDG"
+  sudo chmod 0700 "$_HIY_XDG"
+fi
+export XDG_RUNTIME_DIR="$_HIY_XDG"
-# Write storage.conf and containers.conf so Podman doesn't read stale
-# RunRoot / tmp_dir values from existing user config files.
-mkdir -p "$HOME/.config/containers"
-cat > "$HOME/.config/containers/storage.conf" < "$HOME/.config/containers/containers.conf" <