fix: filebrowser port bind, CSRF in tests, console-setup, auto-test scope
All checks were successful
Build Archipelago ISO / build-iso (push) Successful in 18m35s
All checks were successful
Build Archipelago ISO / build-iso (push) Successful in 18m35s
FileBrowser crash fix: - Add --cap-add=NET_BIND_SERVICE (port 80 needs it with --cap-drop=ALL) - Add --cap-add=DAC_OVERRIDE for rootless volume access - Both in first-boot script and backend config.rs Test script fixes: - Extract csrf_token cookie and send as X-CSRF-Token header on RPC calls - Add --phase1-only flag for safe install-only checks (no side effects) - Auto-test service uses --phase1-only so it doesn't steal onboarding Install fixes: - Pre-create ~/.local/share/containers (ReadWritePaths mount namespace error) - Fix console-setup.service: add After=tmp.mount + ExecStartPre mkdir /tmp Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -97,9 +97,10 @@ pub(super) fn get_app_capabilities(app_id: &str) -> Vec<String> {
|
||||
"--cap-add=SETUID".to_string(),
|
||||
"--cap-add=SETGID".to_string(),
|
||||
],
|
||||
// FileBrowser needs DAC_OVERRIDE to read/write volume files under rootless podman
|
||||
// FileBrowser needs DAC_OVERRIDE for volume access + NET_BIND_SERVICE to bind port 80
|
||||
"filebrowser" => vec![
|
||||
"--cap-add=DAC_OVERRIDE".to_string(),
|
||||
"--cap-add=NET_BIND_SERVICE".to_string(),
|
||||
],
|
||||
// Minimal apps (searxng, etc.) need no extra caps
|
||||
_ => vec![],
|
||||
|
||||
Reference in New Issue
Block a user