security(ocr): redirect XDG cache and Torch home away from read-only HOME

Prevents PyTorch/Matplotlib/Ketos from writing to /home/ocr, which is on the read-only container filesystem — fixes Nora's blocker. Also restores the explanatory comment on the ocr_cache volume mount.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@@ -30,6 +30,8 @@ RUN chmod +x /app/entrypoint.sh
|
||||
|
||||
ENV HOME=/home/ocr
|
||||
ENV HF_HOME=/app/cache
|
||||
ENV XDG_CACHE_HOME=/app/cache
|
||||
ENV TORCH_HOME=/app/models/torch
|
||||
|
||||
USER ocr
|
||||
|
||||
|
||||
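
Review bot: TORCH_HOME=/app/models/torch points at a different tree from the two cache variables above it, and nothing in this hunk shows /app/models/torch being created, owned by the ocr user, or backed by a writable mount. If the root filesystem is read-only, PyTorch's write will fail there just as it did under /home/ocr, so either confirm that path sits on a writable volume or move it under the cache mount (for example /app/cache/torch). Two smaller points: XDG_CACHE_HOME and HF_HOME both resolve to /app/cache, so Hugging Face data and generic XDG caches share one directory, and a dedicated subdirectory per tool would keep them separable for cleanup and permissions. Matplotlib also keeps a config directory that defaults under HOME and is not covered by XDG_CACHE_HOME; setting MPLCONFIGDIR or XDG_CONFIG_HOME to a writable path would close that gap. A one-line comment above the new ENV lines saying why they exist (read-only HOME) would help the next reader of the Dockerfile.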