fix: ensure HOME directory has correct ownership in chroot mode

Mossaka · claude · Mossaka · commit 1aee684fe8ff · 2026-02-12T21:01:11.000Z
When Docker bind-mounts subdirectories (e.g., ~/.claude, ~/.config),
it creates parent directories as root:root. This means $HOME itself
becomes root-owned, preventing CLI tools from writing directly to
$HOME (e.g., creating lock files, temp files, or new subdirectories).

Fix HOME ownership before Docker compose runs to ensure the agent user
can write to the home directory. This likely fixes the Smoke Claude
timeout where Claude Code hangs after accessing the API key.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
@@ -968,15 +968,29 @@ export async function writeConfigs(config: WrapperConfig): Promise<void> {
     logger.debug(`MCP logs directory permissions fixed at: ${mcpLogsDir}`);
   }
 
-  // Ensure chroot home subdirectories exist with correct ownership before Docker
-  // bind-mounts them. If a source directory doesn't exist, Docker creates it as
-  // root:root, making it inaccessible to the agent user (e.g., UID 1001).
+  // Ensure chroot home directory and subdirectories exist with correct ownership
+  // before Docker bind-mounts them. If a source directory doesn't exist, Docker
+  // creates it as root:root, making it inaccessible to the agent user (e.g., UID 1001).
   // This is critical for CLI tools that need writable home subdirectories
   // (e.g., Claude Code needs ~/.claude, npm needs ~/.npm).
+  // We also ensure $HOME itself has correct ownership because Docker's creation of
+  // subdirectory mounts creates parent directories as root:root, which prevents
+  // tools from creating new files/directories directly in $HOME.
   if (config.enableChroot) {
     const effectiveHome = getRealUserHome();
     const uid = parseInt(getSafeHostUid(), 10);
     const gid = parseInt(getSafeHostGid(), 10);
+
+    // Ensure $HOME exists and is owned by the agent user
+    // (Docker creates parent directories as root when bind-mounting subdirectories)
+    if (fs.existsSync(effectiveHome)) {
+      const stats = fs.statSync(effectiveHome);
+      if (stats.uid !== uid || stats.gid !== gid) {
+        fs.chownSync(effectiveHome, uid, gid);
+        logger.debug(`Fixed ownership of ${effectiveHome} to ${uid}:${gid}`);
+      }
+    }
+
     const chrootHomeDirs = [
       '.copilot', '.cache', '.config', '.local',
       '.anthropic', '.claude', '.cargo', '.rustup', '.npm',
