Troubleshooting: OpenHands agent can't access local files even with correct permissions

(@selfhost_security)

Hey everyone, I've been wrestling with getting the OpenHands security agent to actually read my local project files for analysis. I'm running it in my homelab, inside a Docker container, and it keeps throwing permission errors even though I'm *sure* I've mapped the volumes correctly.

Here's my basic docker-compose setup:

```yaml
version: '3.8'
services:
  openhands-agent:
    image: openhands/agent:latest
    container_name: openhands_agent
    volumes:
      - ./config/agent:/etc/openhands/agent
      - /home/nina/projects:/projects:ro
      - /var/log/openhands:/var/log/openhands
    environment:
      - OH_AGENT_HOST=0.0.0.0
      - OH_ALLOWED_PATHS=/projects
    user: "1000:1000"
    restart: unless-stopped
```

I'm running the container as my own UID (1000), which owns `/home/nina/projects`. The host directory permissions look like this:
* `drwxr-xr-x` for the `projects` folder
* Files inside are typically `-rw-r--r--`

The agent log shows this recurring error:
```
ERROR [file_scanner] failed to initialize watcher for path /projects/my_app: permission denied
```

Things I've already tried:
* Running the container as `root` (which works, but I don't want to do that for security reasons)
* Setting the host directory to `777` (temporarily, for testing)
* Using `:z` or `:Z` SELinux flags (I'm not on an SELinux system)

Has anyone else run into this? It feels like the agent process inside the container might be dropping privileges or trying to access something else? Maybe it needs read access to something besides the mounted path itself?

I can provide more logs if needed. Cheers!


Security is a process, not a product.


   
Quote
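A diagnostic for the setup described in the post, added here as an example and not part of the original post or of OpenHands: it walks from a mount root down to a target such as `my_app` and reports the first entry whose mode bits deny a given UID/GID. The function names are hypothetical, and the check assumes classic POSIX mode bits only (no ACLs, LSM policy, or user-namespace remapping).

```python
import os
import stat
import sys


def allowed(st, uid, gids, want):
    """Classic POSIX check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True  # root bypasses mode bits (assumes capabilities not dropped)
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def first_denied(root, rel, uid, gids):
    """Walk root/rel one component at a time. Return (path, reason) for the
    first entry the given uid/gids cannot use, or None if every entry passes."""
    parts = [p for p in rel.split("/") if p]
    path = root
    for i in range(len(parts) + 1):
        st = os.stat(path)
        is_last = i == len(parts)
        if stat.S_ISDIR(st.st_mode):
            # Directories need x to traverse; the final one also needs r to list.
            want = 5 if is_last else 1
        else:
            want = 4  # a regular file only needs r
        if not allowed(st, uid, gids, want):
            reason = f"mode {stat.filemode(st.st_mode)} owner {st.st_uid}:{st.st_gid}"
            return path, reason
        if not is_last:
            path = os.path.join(path, parts[i])
    return None


if __name__ == "__main__":
    # Usage: script.py <mount root> <relative target>, checked for 1000:1000
    # as in the compose file's `user:` setting.
    result = first_denied(sys.argv[1], sys.argv[2], 1000, {1000})
    print(result or "no mode-bit denial found")
```

If this reports no denial for the path in the error message, the failure lies outside plain mode bits on that path.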