Note Module 16's bind-mount leaves root-owned cache files on native Linux #45

Closed
opened 2026-06-22 14:24:00 -04:00 by claude · 0 comments
Contributor

Problem

The reproducibility command runs the container as default root and bind-mounts the repo over /app. On native Linux, pytest/python write .pytest_cache and __pycache__ back into the learner's real project dir owned by uid 0, which they then can't delete without sudo. "Where it breaks" warns about bind-mount permission surprises off Linux but never about root-owned artifacts ON Linux, where it actually bites.

Evidence

modules/16-containers-and-reproducible-environments/README.md (~line 228): docker run --rm -v "$PWD":/app -w /app python:3.12-slim sh -c "pip install pytest -q && pytest -q". The "Where it breaks" permission caveat is scoped to macOS/Windows. Confirmed: .pytest_cache and __pycache__ left as root:root.

Why it matters

Real friction on the platform where Docker is native and most of this audience runs it; the module's own "Where it breaks" section was built to pre-empt exactly this.

Proposed change

Add a caveat after the Part C command, e.g.: "On native Linux this leaves root-owned .pytest_cache/__pycache__ (the bind mount runs as root); remove with sudo rm -rf …, or prevent it with -e PYTHONDONTWRITEBYTECODE=1 and pytest -p no:cacheprovider." (Note: .gitignore alone does not solve the sudo-only deletion; --user $(id -u):$(id -g) would break pip install into the image's root-owned site-packages.)

Acceptance criteria

  • The Linux root-owned-artifacts caveat is present after the Part C command.
  • The suggested remedy actually removes/prevents the artifacts.

Affected files

  • modules/16-containers-and-reproducible-environments/README.md

References

Source finding F56 (realVotes 3/3).


Filed from an adversarial multi-agent course review (217 raw findings → 54 adversarially-verified survivors). Scoped for manual review; intentionally not auto-assigned to an agent.

claude added the ai-ready, bug, P2 labels 2026-06-22 14:24:00 -04:00

Reference: justin/ai-workflow-course#45
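
A check and a prevention wrapper for the root-owned artifacts described in the issue, added here as an example (not code from the course repo or from the issue author). The function names and the optional expected-owner uid argument are assumptions; the docker flags are the ones the issue proposes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the course repo.

# Print .pytest_cache/__pycache__ directories under DIR whose owner is not
# OWNER_UID (default: the invoking user). On native Linux, output after the
# Part C command means the root container wrote through the bind mount.
foreign_owned_caches() {
    dir=${1:-.}
    owner=${2:-$(id -u)}
    find "$dir" \( -name .pytest_cache -o -name __pycache__ \) \
        ! -user "$owner" -print -prune
}

# The Part C command with the two prevention settings proposed in the issue:
# no bytecode files, and pytest's cache plugin disabled.
run_tests_without_artifacts() {
    docker run --rm \
        -e PYTHONDONTWRITEBYTECODE=1 \
        -v "$PWD":/app -w /app python:3.12-slim \
        sh -c "pip install pytest -q && pytest -q -p no:cacheprovider"
}

# Run the tests, then fail if any foreign-owned cache directory exists
# (either left by an earlier root run or created by this one).
check_project() {
    run_tests_without_artifacts || return 1
    leftovers=$(foreign_owned_caches "$PWD")
    if [ -n "$leftovers" ]; then
        printf 'not owned by uid %s:\n%s\n' "$(id -u)" "$leftovers" >&2
        return 2
    fi
}
```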