Python app ownership issue

My current setup is as follow
Ixora carrier board v1.2
Apalis iMX8QM v1.1

I am trying to build a python app. The app writes a file to disk. I have noticed strange behavior in debug and release modes of the application.

When I run the app in debug mode, the app folder which i call “file-write” is owned by torizon when I log into the docker container. This means it has correct permissions for python program to write a file to disk.
Here is a sample output.

When I run the same file in release mode, file-write folder has root permissions and the app gets a permission denied error when it tries to write to disk.

Why is there difference in behavior?

I have also noticed strange behavior in Dockerfile.release .


On line 42 it says debug rather than release.

How can I give ownership of file-write to torizon in release mode.

Hi @fahads ,

I’ll ask the Dockerfile release and the folder ownership questions to the IDE extension team and I’ll reply to you as soon as I have an answer on their side.

You can change the ownership of the project folder by going in the extension configurations and adding this value to property targetfiles:

RUN chown -R torizon:torizon /file-write

After this, rebuild the container by pressing:

F1 → Torizon: Build release container for the application

Then deploy it to the module:

F1 → Torizon: Deploy release container

Hope this helps you.

Best regards,
Lucas Akira

thanks for your reply. is it targetfiles or targetcommands?

Hi @fahads ,

thanks for your reply. is it targetfiles or targetcommands?

It should be targetfiles. One thing I forgot to mention is that this property should only be applied to release, as it breaks the debug build. You can check how to apply a property only to a specific type of build here: Systemd service management on Torizon - #17 by lucas_a.tx. However, I have a possible better solution than using this property, see below.

I’ve talked to the extension team and here’s what I got:

  • The /setup.sh debug and /cleanup.sh debug lines present on Dockerfile.release are indeed not intentional and should be corrected in a future update. Thank you for reporting this!

  • The difference in ownership is due to how the Docker image is built for each type:

    • On debug the project directory (in your case /file-write) is a bind mount; VSCode first copies it to your SoM (specifically to the $HOME directory) then runs the container with argument --volume. If the extension is accessing the SoM via SSH as torizon, then this user will be the owner of the folder.

    • On release the project directory is part of the Docker image as it is copied to the image when building it with docker build. Given that in Dockerfile.release the copy occurs before defining a user, the default owner is root.

With this difference in mind I’d recommend creating a new bind mount in volumes and write all your files there instead of using the app folder, as this alternative should work without problems on both debug and release builds. If you do this the owner of the bind mount will be torizon if the extension is accessing the SoM with this user, which is usually the case.

Let me know if this helps you.

Best regards,
Lucas Akira

Hi @fahads ,

Just letting you know that the permission issue has been fixed in the latest early access version of our extension: Toradex Torizon Support (Early Access).

Best regards,
Lucas Akira