Run applications as non-root user in "bolt run"#18
Merged
astolcenburg merged 1 commit intordkcentral:mainfrom Dec 11, 2025
Merged
Run applications as non-root user in "bolt run"#18astolcenburg merged 1 commit intordkcentral:mainfrom
astolcenburg merged 1 commit intordkcentral:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR changes the default behavior of "bolt run" to execute applications as a non-root user (UID/GID 34567) instead of root (UID/GID 0), with the --develop option available to restore previous root-based behavior for debugging purposes.
Key Changes:
- Introduced non-root default user credentials (UID/GID 34567) for improved security
- Modified runtime configuration template generation to support dynamic user namespace mappings based on options
- Enhanced device node permission handling to ensure non-root users can access required devices
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| bolt/src/config.cjs | Adds DEFAULT_UID and DEFAULT_GID constants (34567) for non-root user execution |
| bolt/src/runtime-config.cjs | Updates template to use configurable UID/GID, removes hardcoded mappings, adds dynamic user namespace configuration, enhances device permission checking |
| bolt/src/run.cjs | Passes options through function chain, adds runOptions handlers for CLI options (develop, uid, gid, userns, clear-storage), sets permissive directory permissions for overlay filesystem |
| bolt/src/bolt.cjs | Integrates runOptions with run command, adds --develop flag documentation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Use the --develop option to restore the previous behavior. Ref: #RDKEAPPRT-485
ansu-mathew
approved these changes
Dec 11, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use the --develop option to restore the previous behavior.
Ref: #RDKEAPPRT-485