From 251447b17a0900096db4fa48d3ccf012f3ce4ddf Mon Sep 17 00:00:00 2001
From: Dorian
Date: Mon, 30 Mar 2026 23:22:28 +0100
Subject: [PATCH] fix: use rootless podman to check conmon ownership in doctor

Critical bug: the doctor runs as root but containers are rootless under the archipelago user. When checking if a conmon process has an associated container, the root podman database was queried (empty), causing ALL conmon processes to be identified as orphaned and killed. This terminated running containers every 30 minutes.

Fix: use sudo -u archipelago to query the rootless podman database.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 scripts/container-doctor.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/container-doctor.sh b/scripts/container-doctor.sh
index 456cc08d..d9768e6a 100755
--- a/scripts/container-doctor.sh
+++ b/scripts/container-doctor.sh
@@ -70,6 +70,10 @@ fix_orphaned_conmon() {
 return 1
 fi
+ # Doctor runs as root but containers are rootless under archipelago user.
+ # Must check container existence using the rootless podman database.
+ local PODMANCMD="sudo -u archipelago XDG_RUNTIME_DIR=/run/user/1000 podman"
+
 for pid in $pids; do
 # Extract container ID from conmon args
 local cid
@@ -77,8 +81,8 @@ fix_orphaned_conmon() {
 if [ -z "$cid" ]; then
 continue
 fi
- # Check if container still exists
- if ! podman inspect "$cid" &>/dev/null; then
+ # Check if container still exists in rootless podman
+ if ! $PODMANCMD inspect "$cid" &>/dev/null; then
 local port_info
 port_info=$(ss -tlnp 2>/dev/null | grep "pid=$pid" | grep -oP ':\K\d+' | head -3 | tr '\n' ',' | sed 's/,$//')
 log "Killing orphaned conmon pid=$pid (ports: ${port_info:-none})"
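Review bot: The runtime directory in `PODMANCMD` hard-codes UID 1000, so on a host where the archipelago account has a different UID every rootless query would fail and, because of the `if ! … inspect` test in the second hunk, every conmon would again be classified as orphaned. Deriving the UID keeps the check tied to the named account: `local uid; uid=$(id -u archipelago) || return 1`, then `local -a podman_cmd=(sudo -u archipelago "XDG_RUNTIME_DIR=/run/user/$uid" podman)`, called as `"${podman_cmd[@]}" inspect "$cid"`. An array also removes the reliance on unquoted word splitting of a command string, assuming the script runs under bash as the `&>` redirection suggests. The body of fix_orphaned_conmon starts and ends outside this hunk.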
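Review bot: The `if ! $PODMANCMD inspect "$cid" &>/dev/null` test still fails open: any error from sudo or podman (missing account, absent runtime directory, storage that cannot be read) is interpreted as "container does not exist" and leads to the kill, which is the same failure class this commit is fixing. Separating "absent" from "query failed" and skipping the PID in the second case makes the destructive path fail closed; `podman container exists` is documented to return 1 for a missing container and a different non-zero status when storage cannot be accessed. Logging the skip rather than discarding the error gives operators a signal when the doctor cannot see the rootless database. The loop body continues outside the hunk.

```shell
        # Check if container still exists in rootless podman
        local rc=0
        $PODMANCMD container exists "$cid" &>/dev/null || rc=$?
        if [ "$rc" -gt 1 ]; then
            # The query itself failed: do not treat that as "container is gone".
            log "Skipping conmon pid=$pid: rootless podman query failed (rc=$rc)"
            continue
        fi
        if [ "$rc" -eq 1 ]; then
            # … unchanged: port_info lookup and "Killing orphaned conmon" log …
```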