From 7a985f88304e9791eff7c93085df17e6aa5adea6 Mon Sep 17 00:00:00 2001 From: Thomas Kosiewski Date: Mon, 18 May 2026 12:26:30 +0200 Subject: [PATCH] fix(dogfood): chown /etc/mise to coder so mise can update lockfile (#25431) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mise writes a temp file like `/etc/mise/.mise.lock.XXXXXX` and renames it onto `mise.lock` for atomic updates, which requires write access to the parent directory. `/etc/mise` was previously root-owned (`install --directory --mode=0755` and `COPY` without `--chown` default to root), so any mise command that updated the lockfile failed for the coder user: ``` mise ERROR failed to update lockfiles mise ERROR Permission denied (os error 13) at path "/etc/mise/.mise.lock.HbuLAN" ``` Chown `/etc/mise` and the baked `config.toml` / `mise.lock` to `coder:coder`, matching how `/opt/mise` is already set up. The dogfood image is single-user, and mise is expected to update its own lockfile when the coder user installs new tools. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Thomas Kosiewski Co-authored-by: Claude Opus 4.7 (1M context) --- dogfood/coder/ubuntu-22.04/Dockerfile | 10 ++++++---- dogfood/coder/ubuntu-26.04/Dockerfile | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/dogfood/coder/ubuntu-22.04/Dockerfile b/dogfood/coder/ubuntu-22.04/Dockerfile index 3706954dbe..39703aff53 100644 --- a/dogfood/coder/ubuntu-22.04/Dockerfile +++ b/dogfood/coder/ubuntu-22.04/Dockerfile @@ -200,10 +200,12 @@ ENV MISE_DATA_DIR=/home/coder/.local/share/mise \ # # We pre-create /etc/mise as 0755 because COPY's implicitly-created # parent dirs inherit the --chmod, which would leave /etc/mise -# without the `x` bit and unreachable to the coder user. -RUN install --directory --mode=0755 /etc/mise -COPY --chmod=0644 mise.toml /etc/mise/config.toml -COPY --chmod=0644 mise.lock /etc/mise/mise.lock +# without the `x` bit and unreachable to the coder user. We also +# chown to coder so mise can write the temp lockfile it uses for +# atomic rename when updating /etc/mise/mise.lock during installs. +RUN install --directory --owner=coder --group=coder --mode=0755 /etc/mise +COPY --chown=coder:coder --chmod=0644 mise.toml /etc/mise/config.toml +COPY --chown=coder:coder --chmod=0644 mise.lock /etc/mise/mise.lock # Pre-install tools into /opt/mise/data so they survive the home # volume's copy-on-first-mount. MISE_SHARED_INSTALL_DIRS (set below) diff --git a/dogfood/coder/ubuntu-26.04/Dockerfile b/dogfood/coder/ubuntu-26.04/Dockerfile index d5f5a7a949..9fe00ce879 100644 --- a/dogfood/coder/ubuntu-26.04/Dockerfile +++ b/dogfood/coder/ubuntu-26.04/Dockerfile @@ -210,10 +210,12 @@ ENV MISE_DATA_DIR=/home/coder/.local/share/mise \ # # We pre-create /etc/mise as 0755 because COPY's implicitly-created # parent dirs inherit the --chmod, which would leave /etc/mise -# without the `x` bit and unreachable to the coder user. -RUN install --directory --mode=0755 /etc/mise -COPY --chmod=0644 mise.toml /etc/mise/config.toml -COPY --chmod=0644 mise.lock /etc/mise/mise.lock +# without the `x` bit and unreachable to the coder user. We also +# chown to coder so mise can write the temp lockfile it uses for +# atomic rename when updating /etc/mise/mise.lock during installs. +RUN install --directory --owner=coder --group=coder --mode=0755 /etc/mise +COPY --chown=coder:coder --chmod=0644 mise.toml /etc/mise/config.toml +COPY --chown=coder:coder --chmod=0644 mise.lock /etc/mise/mise.lock # Pre-install tools into /opt/mise/data so they survive the home # volume's copy-on-first-mount. MISE_SHARED_INSTALL_DIRS (set below)