psa-systems/bunyip
8
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

fix(web-dev): web dev container crash-loops on bun permissions (BUNYIP-37) #35

Merged
nrupard merged 1 commit from fix/bunyip-37-web-dev-bun into main 2026-06-02 18:30:04 +02:00
Conversation 0 Commits 1 Files changed 1 +9
nrupard commented 2026-06-02 17:56:36 +02:00
Owner
Copy link

What

Fixes BUNYIP-37: the bunyip-web dev container crash-looped with sh: 1: bun: Permission denied because the base image's /usr/local/bin/bun is a symlink into /root/.bun, which the non-root host user (governance requirement) cannot traverse.

Change

One Dockerfile fix in the dev image: replace the symlink with a real copy of the bun binary, and add a bunx symlink beside it (package.json scripts call bunx, which the base image only provides inside /root/.bun).

Verification (clean slate)

Removed the web container and the node_modules volume, rebuilt with just dev-detach:

Check Result
CSS build at startup assets/styles.css built and served (66 KB)
Tailwind watcher + cargo-watch running as host uid (1004)
http://localhost:4400 200, UI renders with styling
Container stability no restarts

Notes

The long-term fix is in the base image (ghcr.io/niceguyit/rust-builder-glibc should install bun world-readable); this unblocks bunyip dev (and BUNYIP-34) without waiting for that.

## What Fixes BUNYIP-37: the bunyip-web dev container crash-looped with `sh: 1: bun: Permission denied` because the base image's `/usr/local/bin/bun` is a symlink into `/root/.bun`, which the non-root host user (governance requirement) cannot traverse. ## Change One Dockerfile fix in the dev image: replace the symlink with a real copy of the bun binary, and add a `bunx` symlink beside it (package.json scripts call `bunx`, which the base image only provides inside `/root/.bun`). ## Verification (clean slate) Removed the web container and the node_modules volume, rebuilt with `just dev-detach`: | Check | Result | | --- | --- | | CSS build at startup | `assets/styles.css` built and served (66 KB) | | Tailwind watcher + cargo-watch | running as host uid (1004) | | http://localhost:4400 | 200, UI renders with styling | | Container stability | no restarts | ## Notes The long-term fix is in the base image (ghcr.io/niceguyit/rust-builder-glibc should install bun world-readable); this unblocks bunyip dev (and BUNYIP-34) without waiting for that.
fix(web-dev): replace inaccessible bun symlink so dev container runs as host user (BUNYIP-37)
Some checks failed
Check / fmt / clippy / build / test (pull_request) Failing after 20s
Details
Create release / Create release from merged PR (pull_request) Has been skipped
Details
b892859d94 
The rust-builder-glibc base image ships /usr/local/bin/bun as a symlink to /root/.bun/bin/bun. The dev container runs as the host user (governance requirement), who cannot traverse /root (mode 700), so every bun invocation failed with "bun: Permission denied" and the container crash-looped before ever starting the CSS build or the web server.

Replace the symlink with a real copy of the bun binary and add a bunx symlink next to it (package.json scripts invoke bunx, which the base image only provides inside /root/.bun).

Verified from a clean slate (web container + node_modules volume removed and recreated): bun builds CSS at startup (assets/styles.css served at 66 KB), the Tailwind watcher and cargo-watch run as the host uid, and http://localhost:4400 serves the UI with styling.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
nrupard deleted branch fix/bunyip-37-web-dev-bun 2026-06-02 18:30:05 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
psa-systems/bunyip!35
No description provided.