Skip to content

Git 2.35+ may refuse to operate on bind-mounted repos with differing ownership ("dubious ownership"), Mark /app as safe within the container. #5969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
shaoliang123456 wants to merge 2 commits into
base: development
Choose a base branch
from
Open

Git 2.35+ may refuse to operate on bind-mounted repos with differing ownership ("dubious ownership"), Mark /app as safe within the container. #5969

shaoliang123456 wants to merge 2 commits into from
+3 −0

Conversation

@shaoliang123456
Copy link

@shaoliang123456 shaoliang123456 commented Dec 30, 2025

Local Environment:

WSL2 + Windows 11 + Docker Desktop + Git 2.43.0

After starting the application with docker compose up, the logs show the following warning:

The repository at "/app" does not have the correct ownership and git refuses to use it:
fatal: detected dubious ownership in repository at '/app'
To add an exception for this directory, call:
git config --global --add safe.directory /app
This occurs because Git 2.35.2+ enforces ownership checks on repositories, and the bind-mounted /app directory in the container has a different UID than the container’s runtime user. While this doesn’t break the web application itself, it prevents developers from using Git commands inside the container (e.g., for debugging or version detection), and clutters the logs.

This PR automatically adds /app to Git’s safe.directory list in the app container’s entrypoint, resolving the issue without affecting functionality.

@ssddanbrown
Copy link
Member

ssddanbrown commented Dec 30, 2025

Thanks @shaoliang123456.
Could this instead be added to the Dockerfile for the development app container?
We only really expect users to maybe use that container interactively for development, and since it's a global option I think this can be part of the container image, which will then take force even if the user is overriding the entry-point to jump directly into a bash shell.

@shaoliang123456
fix: Docker: Add
5c4fc3d 
git safe.directory config for bind-mounted repos.Mark
 /app as safe directory to handle Git 2.35+ ownership
 checks in Docker containers.
@shaoliang123456 shaoliang123456 force-pushed the fix/git-safe-directory-in-docker branch 2 times, most recently from ac0ef8b to b16e2a0 Compare December 31, 2025 06:05
@shaoliang123456
Copy link
Author

shaoliang123456 commented Dec 31, 2025

Thanks @shaoliang123456. Could this instead be added to the Dockerfile for the development app container? We only really expect users to maybe use that container interactively for development, and since it's a global option I think this can be part of the container image, which will then take force even if the user is overriding the entry-point to jump directly into a bash shell.

Thanks for the suggestion. I've moved the git config --system --add safe.directory /app command into the Dockerfile.
This ensures that /app is recognized as a safe directory regardless of how the container is started—even if the entrypoint is overridden (e.g., when launching a shell directly for debugging).
I’ve tested the change and the “dubious ownership” warning no longer appears in the logs. Git commands now work as expected in the container.

@shaoliang123456 shaoliang123456 force-pushed the fix/git-safe-directory-in-docker branch from b16e2a0 to 018de5d Compare December 31, 2025 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shaoliang123456 @ssddanbrown