archetecture security fix

This commit is contained in:
root
2026-06-11 03:22:12 -04:00
parent 6def9993da
commit 9483750161
3126 changed files with 177194 additions and 37211 deletions
+13
View File
@@ -0,0 +1,13 @@
#!/usr/bin/env sh
set -eu
# Start as root only long enough to prepare writable runtime mounts, then drop
# to the unprivileged app user before running Node/NPM. If chown is blocked by
# a hardened runtime, continue and let the app fail loudly on write attempts.
if [ "$(id -u)" = "0" ]; then
mkdir -p /var/lib/rentaldrivego/storage/public /var/lib/rentaldrivego/storage/private /tmp/rentaldrivego
chown -R app:app /var/lib/rentaldrivego /tmp/rentaldrivego 2>/dev/null || true
exec su app -s /bin/sh -c 'exec "$@"' -- "$@"
fi
exec "$@"