PlaceOS · chillfox · Nov 5, 2025
diff --git a/Dockerfile b/Dockerfile
@@ -25,7 +25,7 @@
    "${USER}"

 # Update package list and install packages
 RUN apt-get update && apt-get install -y --no-install-recommends \
    autoconf \
    automake \
    libtool \
@@ -85,7 +85,7 @@

 # obtain busy box for file ops in scratch image
 ARG TARGETARCH
 RUN case "${TARGETARCH}" in \
      amd64) ARCH=x86_64 ;; \
      arm64) ARCH=armv8l ;; \
      *) echo "Unsupported arch: ${TARGETARCH}" && exit 1 ;; \
@@ -93,6 +93,9 @@
     wget -O /busybox https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-${ARCH} && \
     chmod +x /busybox
 
+# Create tmp directory with proper permissions
+RUN rm -rf /tmp && mkdir -p /tmp && chmod 1777 /tmp
+
 # Build a minimal docker image
 FROM scratch
 WORKDIR /app
@@ -129,23 +132,26 @@
 COPY --from=build --chown=0:0 /app/www /app/www
 COPY --from=build --chown=0:0 /app/tmp /tmp
 
+# Copy tmp directory
+COPY --from=build /tmp /tmp
+
 # This seems to be the only way to set permissions properly
 # this only works as we're copying over the dependencies for git
 # which includes /lib/ld-musl-* files
 # COPY --from=build /bin /bin
 RUN /bin/busybox chmod -R a+rwX /tmp
 RUN /bin/busybox chmod -R a+rwX /app/www

 # so we can run commands on remote network volumes
 RUN /bin/busybox mkdir /nonexistent/ && /bin/busybox chown appuser:appuser /nonexistent/
 USER appuser:appuser
 RUN /bin/busybox touch /nonexistent/.gitconfig
 RUN /git config --global --add safe.directory '*'

 # remove the shell and make the home folder read only to the user
 USER root:root
 RUN /bin/busybox chown -R root:root /nonexistent/
 RUN /bin/busybox rm -rf /bin/busybox

 # Use an unprivileged user.
 USER appuser:appuser