From 6acb54f110da7ce9a49c199d4754cfa0d4622748 Mon Sep 17 00:00:00 2001
From: mikeangstadt <mike.angstadt@closedloop.ai>
Date: Thu, 5 Mar 2026 15:46:54 -0600
Subject: [PATCH] Fix config schema permission error on Linux Docker (#197)

On Linux, Docker bind mounts preserve host filesystem permissions.
The ./configs:/app/configs mount exposes root-owned files to the
container's non-root pentest user (UID 1001), causing EACCES when
loading config-schema.json at startup.

Add chmod -R a+r ./configs before starting containers, following
the same permission-fixing pattern used for audit-logs and
deliverables directories.

Closes #197

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 shannon | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/shannon b/shannon
index 0a96eba3..962e0d8e 100755
--- a/shannon
+++ b/shannon
@@ -246,9 +246,11 @@ cmd_start() {
     export ANTHROPIC_AUTH_TOKEN="shannon-router-key"
   fi
 
-  # Ensure audit-logs directory exists with write permissions for container user (UID 1001)
+  # Ensure host-mounted directories are readable by container user (UID 1001)
+  # On Linux, bind mounts preserve host permissions — configs may be root-owned
   mkdir -p ./audit-logs ./credentials
   chmod 777 ./audit-logs
+  chmod -R a+r ./configs 2>/dev/null || true
 
   # Ensure repo deliverables directory is writable by container user (UID 1001)
   if [ -d "./repos/$REPO" ]; then