fix(tools): chown bind-mounted build outputs back to host user#159
Draft
ottobolyos wants to merge 1 commit into
Draft
fix(tools): chown bind-mounted build outputs back to host user#159ottobolyos wants to merge 1 commit into
ottobolyos wants to merge 1 commit into
Conversation
The SDK image runs `dotnet` as root by default. Files written to the bind-mounted repo - bin/, obj/, TestResults/, CoverageReport/ - end up root-owned on the host, blocking the user's subsequent native dotnet invocations, `rm -rf` cleanups, and `git clean` from removing them. Wrap the in-container dotnet call in a thin bash entrypoint that, on exit, walks the bind-mounted /src tree and chowns those output directories back to the host user's UID:GID (passed in via HOST_UID / HOST_GID environment variables). The named volumes that back the NuGet package cache and the dotnet-tools store stay root-owned inside the container since they are not visible to the host and do not interfere with host-side workflows. The chown runs unconditionally on exit so a failing dotnet call still hands the build outputs back to the user; the original dotnet exit code is preserved.
PatrickRitchie
approved these changes
May 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When
tools/dotnet.sh --docker(and transitivelytools/test.sh --docker) is used,bin/,obj/,TestResults/, andCoverageReport/directories under the bind-mounted repo end up root-owned on the host because the SDK image runsdotnetas root. This blocks subsequent nativedotnetinvocations,rm -rfcleanups, andgit cleanfrom removing those outputs withoutsudo.dotnetcall in a thin bash entrypoint that, on exit, walks the bind-mounted/srctree and chowns the build-output directories back to the host user's UID:GID (passed in viaHOST_UID/HOST_GIDenvironment variables).dotnetcall still hands the build outputs back to the user; the originaldotnetexit code is preserved.