fix: use rootless podman to check conmon ownership in doctor

Critical bug: the doctor runs as root but containers are rootless
under the archipelago user. When checking if a conmon process has an
associated container, the root podman database was queried (empty),
causing ALL conmon processes to be identified as orphaned and killed.
This terminated running containers every 30 minutes.

Fix: use sudo -u archipelago to query the rootless podman database.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dorian 2026-03-30 23:22:28 +01:00
parent b36b867d01
commit d6441082fd


@ -70,6 +70,10 @@ fix_orphaned_conmon() {
return 1 return 1
fi fi
# Doctor runs as root but containers are rootless under archipelago user.
# Must check container existence using the rootless podman database.
local PODMANCMD="sudo -u archipelago XDG_RUNTIME_DIR=/run/user/1000 podman"
for pid in $pids; do for pid in $pids; do
# Extract container ID from conmon args # Extract container ID from conmon args
local cid local cid
@ -77,8 +81,8 @@ fix_orphaned_conmon() {
if [ -z "$cid" ]; then if [ -z "$cid" ]; then
continue continue
fi fi
# Check if container still exists # Check if container still exists in rootless podman
if ! podman inspect "$cid" &>/dev/null; then if ! $PODMANCMD inspect "$cid" &>/dev/null; then
local port_info local port_info
port_info=$(ss -tlnp 2>/dev/null | grep "pid=$pid" | grep -oP ':\K\d+' | head -3 | tr '\n' ',' | sed 's/,$//') port_info=$(ss -tlnp 2>/dev/null | grep "pid=$pid" | grep -oP ':\K\d+' | head -3 | tr '\n' ',' | sed 's/,$//')
log "Killing orphaned conmon pid=$pid (ports: ${port_info:-none})" log "Killing orphaned conmon pid=$pid (ports: ${port_info:-none})"
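Review bot: The `$PODMANCMD inspect "$cid" &>/dev/null` test in the second hunk still cannot distinguish "container does not exist" from "query failed", so any failure of sudo, of the rootless podman socket, or a missing /run/user/1000 (e.g. no lingering session for archipelago) reproduces exactly the bug this commit fixes: every conmon is reported orphaned and killed. Add a preflight check before the pid loop that aborts the orphan scan when the rootless database is unreachable, and derive the runtime dir from the user instead of hardcoding UID 1000, e.g. `local uid; uid=$(id -u archipelago) || return 1`. Building the command as a string and expanding it unquoted works only because none of its words contain whitespace; an array `podman_cmd=(sudo -u archipelago "XDG_RUNTIME_DIR=/run/user/$uid" podman)` invoked as `"${podman_cmd[@]}"` is the safer form. Whether sudo accepts the `VAR=value` argument for root depends on the sudoers setenv policy, which is not visible here. fix_orphaned_conmon begins before the first hunk and continues past the second.
```shell
  # Doctor runs as root but containers are rootless under archipelago user.
  # Must check container existence using the rootless podman database.
  local uid
  uid=$(id -u archipelago) || return 1
  local podman_cmd=(sudo -u archipelago "XDG_RUNTIME_DIR=/run/user/${uid}" podman)
  # A query failure must not be mistaken for "container does not exist":
  # abort the scan rather than kill every conmon.
  if ! "${podman_cmd[@]}" info >/dev/null 2>&1; then
    log "Rootless podman unreachable as archipelago; skipping orphan scan"
    return 1
  fi
  # … unchanged: pid loop and cid extraction …
  if ! "${podman_cmd[@]}" inspect "$cid" &>/dev/null; then
```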