fix: resolved Langflow data directory permission error on macOS with Podman#1249
Merged
mpawlow merged 4 commits intorelease-0.4.0from Mar 24, 2026
Merged
Conversation
…Podman Issue - #1233 Summary - Added chmod 777 langflow-data to the ensure-langflow-data Makefile target so all make dev-* targets pre-create the directory with world-writable permissions, matching the behaviour already present in test-ci - Added pre-creation of the Langflow data directory with os.chmod(0o777) in setup_host_directories() so the TUI (uvx openrag) path no longer relies on Docker/Podman to create the directory on-the-fly with incorrect ownership - Added _resolve_langflow_data_path() helper to read the configured LANGFLOW_DATA_PATH from the TUI .env, honouring user-customised absolute paths and falling back to ~/.openrag/data/langflow-data for empty or relative values; relative paths emit a warning and fall back to the default since CWD is unpredictable in the TUI context Factory Reset - Added deletion of the Langflow data directory to _factory_reset_with_data_clear() in the TUI monitor screen, mirroring the factory-reset Makefile target which already removed ./langflow-data - Shared _resolve_langflow_data_path() used in factory reset to target the same directory that was pre-created at startup, including a safety guard that refused deletion of any path resolving outside the user's home directory Legacy Data Migration - Added langflow-data to migrate_legacy_data_directories() migration mappings so users upgrading from a Makefile-based setup had their ./langflow-data directory copied to ~/.openrag/data/langflow-data on first TUI startup - Added langflow_data_path to both .env update blocks in migrate_legacy_data_directories() (fresh-install path and post-copy path) so LANGFLOW_DATA_PATH was normalised to the absolute TUI default alongside all other data paths
…Podman Issue - #1233 Summary - Fixed Langflow data directory permission error on macOS with Podman Container Entrypoint - Added scripts/langflow-entrypoint.py, a Python entrypoint script that runs as root at container startup - Entrypoint corrects /app/langflow-data bind-mount permissions (chmod 0o777) to work around macOS + Podman virtiofs not propagating host-side chmod into the container - After fixing permissions, the entrypoint drops privileges from root to uid/gid 1000 (langflow user) before exec-ing the main process Dockerfile Changes - Copied scripts/langflow-entrypoint.py into the image at /usr/local/bin/langflow-entrypoint with executable permissions (--chmod=755) - Switched to USER root after the COPY so the entrypoint has the privileges needed to correct bind-mount ownership at runtime - Set ENTRYPOINT ["langflow-entrypoint"] so the permission-fix logic runs before the default CMD
…Podman Issue - #1233 Summary - Fixed Langflow container startup failure on macOS with Podman caused by incorrect HOME environment variable after privilege drop. Bug Fix - Added pwd module import to look up the passwd entry for uid 1000 before dropping privileges. - After dropping from root to uid/gid 1000, restored HOME and USER environment variables to reflect the unprivileged user. - Added fallback values (/app and langflow) if uid 1000 has no passwd entry. Root Cause - When the container ran as root (USER root in the Dockerfile), HOME was set to /root. - After os.setuid(1000), the HOME variable remained /root, causing uv to attempt writing to /root/.cache/uv — a directory the now-unprivileged process could not access. - This manifested specifically on macOS with Podman due to how that runtime handles volume mount ownership.
…Podman Issue - #1233 Summary - Fixed save_env → save_env_file method renames and auto-corrected relative LANGFLOW_DATA_PATH on detection Bug Fixes - Renamed two calls to the deprecated save_env() method to the correct save_env_file() in migrate_legacy_data_directories() to fix runtime AttributeError during legacy data directory migration Behavior Changes - Updated log message wording from "Using default" to "Resetting to default" when a relative LANGFLOW_DATA_PATH is detected to better reflect the action taken - Added automatic correction of a relative LANGFLOW_DATA_PATH in the .env file when detected — previously the TUI would fall back to the default silently without persisting the fix, leaving the bad value in place for subsequent runs
github-actions
bot
added
backend
2 tasks
github-actions
bot
added
bug
github-actions
bot
deleted the
mp/fix/0.4.0/GH-1233-langflow-data-permissions-macos
branch
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
Reference Pull Request