From c51caf5c52ebaa48ef559f8459ef63330367cc6b Mon Sep 17 00:00:00 2001 From: Maxim Slipenko Date: Fri, 30 May 2025 19:41:17 +0300 Subject: [PATCH] fix: use mount only for non-root users --- build.go | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/build.go b/build.go index 3a8efb9..0b7f072 100644 --- a/build.go +++ b/build.go @@ -64,20 +64,25 @@ func BuildCmd() *cli.Command { }, }, Action: func(c *cli.Context) error { - if err := utils.EnuseIsPrivilegedGroupMember(); err != nil { - return err - } + var err error + var wd string + if utils.IsNotRoot() { + if err := utils.EnuseIsPrivilegedGroupMember(); err != nil { + return err + } - wd, err := os.Getwd() - if err != nil { - return cliutils.FormatCliExit(gotext.Get("Error getting working directory"), err) - } + wd, err = os.Getwd() + if err != nil { + return cliutils.FormatCliExit(gotext.Get("Error getting working directory"), err) + } - wd, wdCleanup, err := Mount(wd) - if err != nil { - return err + var wdCleanup func() + wd, wdCleanup, err = Mount(wd) + if err != nil { + return err + } + defer wdCleanup() } - defer wdCleanup() ctx := c.Context @@ -167,12 +172,16 @@ func BuildCmd() *cli.Command { if scriptArgs != nil { scriptFile := filepath.Base(scriptArgs.Script) - newScriptDir, scriptDirCleanup, err := Mount(filepath.Dir(scriptArgs.Script)) - if err != nil { - return err + scriptDir := filepath.Dir(scriptArgs.Script) + if utils.IsNotRoot() { + var scriptDirCleanup func() + scriptDir, scriptDirCleanup, err = Mount(scriptDir) + if err != nil { + return err + } + defer scriptDirCleanup() } - defer scriptDirCleanup() - scriptArgs.Script = filepath.Join(newScriptDir, scriptFile) + scriptArgs.Script = filepath.Join(scriptDir, scriptFile) } if err := utils.ExitIfCantDropCapsToAlrUser(); err != nil {