[ws-daemon] Properly chown /dev/fuse

Author: csweichel

components/ws-daemon/nsinsider/main.go

@@ -193,13 +193,32 @@ func main() {
 			{
 				Name:  "mknod-fuse",
 				Usage: "creates /dev/fuse",
+				Flags: []cli.Flag{
+					&cli.IntFlag{
+						Name:     "uid",
+						Required: true,
+					},
+					&cli.IntFlag{
+						Name:     "gid",
+						Required: true,
+					},
+				},
 				Action: func(c *cli.Context) error {
 					err := unix.Mknod("/dev/fuse", 0666|unix.S_IFCHR, int(unix.Mkdev(10, 229)))
 					if err != nil {
 						return err
 					}
 
-					return os.Chmod("/dev/fuse", os.FileMode(0666))
+					err = os.Chmod("/dev/fuse", os.FileMode(0666))
+					if err != nil {
+						return err
+					}
+					err = os.Chown("/dev/fuse", c.Int("uid"), c.Int("gid"))
+					if err != nil {
+						return err
+					}
+
+					return nil
 				},
 			},
 			{

components/ws-daemon/pkg/iws/iws.go

@@ -12,6 +12,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strconv"
 	"sync"
 	"syscall"
 	"time"
@@ -215,7 +216,7 @@ func (wbs *InWorkspaceServiceServer) PrepareForUserNS(ctx context.Context, req *
 	//   - https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-July/009797.html
 	//   - https://lists.linuxcontainers.org/pipermail/lxc-users/2014-October/007948.html
 	err = nsinsider(wbs.Session.InstanceID, int(containerPID), func(c *exec.Cmd) {
-		c.Args = append(c.Args, "mknod-fuse")
+		c.Args = append(c.Args, "mknod-fuse", "--uid", strconv.Itoa(wsinit.GitpodUID), "--gid", strconv.Itoa(wsinit.GitpodGID))
 	})
 	if err != nil {
 		log.WithError(err).WithFields(wbs.Session.OWI()).Error("PrepareForUserNS: cannot mknod fuse")