Problem
The compiled .lock.yml files contain a "Print firewall logs" step that runs chmod -R a+r on the firewall audit directory (/tmp/gh-aw/sandbox/firewall/audit/). This grants read permission on directories but not execute (search), so the runner user cannot traverse them.
This causes all agentic workflow lock files to fail artifact uploads with:
EACCES: permission denied, stat '/tmp/gh-aw/sandbox/firewall/audit/docker-compose.redacted.yml'
Root cause
AWF runs Docker via sudo, creating root-owned files/directories in the audit path. The cleanup chmod -R a+r makes files readable but directories are not traversable (need +x).
Fix
Change chmod -R a+r → chmod -R a+rX in the gh-aw compiler template that generates the "Print firewall logs" step. The uppercase X adds execute to directories only (not regular files), making them traversable without over-permissioning.
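To make the difference concrete, the following is an added example (not part of the issue or the gh-aw project) that builds a small constructed directory tree shaped like the audit path, applies each chmod form to a fresh copy, and reports the resulting mode bits together with a pre-upload check for directories that "other" users cannot search. Note that X also keeps execute on files that already carry an execute bit for some user; the audit files here have none, so only the directory gains it. The tree path and file name are constructed for the example.

```shell
#!/bin/sh
# Added example: compare the mode bits left by chmod -R a+r and chmod -R a+rX
# on a constructed tree mimicking the firewall audit directory layout.

# Build a constructed tree: a root-only directory holding a root-only file,
# as sudo-launched Docker would leave behind (owned by us here, same bits).
make_tree() {
  mkdir -p "$1/sub"
  : > "$1/sub/docker-compose.redacted.yml"
  chmod 700 "$1" "$1/sub"
  chmod 600 "$1/sub/docker-compose.redacted.yml"
}

# Permission string of a path, e.g. "drwxr-xr-x".
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# Directories under $1 that "other" users cannot search (no o+x bit), which
# is exactly the condition behind the EACCES on stat() in the issue.
untraversable_dirs() {
  find "$1" -type d ! -perm -001
}

# Apply a recursive chmod mode ($1) to a fresh tree and print
# "<dir mode> <file mode> <count of untraversable dirs>".
modes_after() {
  tree=$(mktemp -d)/audit
  make_tree "$tree"
  chmod -R "$1" "$tree"
  bad=$(untraversable_dirs "$tree" | wc -l | tr -d ' ')
  printf '%s %s %s\n' \
    "$(mode_of "$tree/sub")" \
    "$(mode_of "$tree/sub/docker-compose.redacted.yml")" \
    "$bad"
}

# Run stand-alone: a+r leaves directories without search permission,
# a+rX makes them traversable while the file stays non-executable.
modes_after a+r
modes_after a+rX
```

The `untraversable_dirs` check is the one worth running in the workflow right after the chmod and before the upload step: a non-empty result means the artifact upload will hit the same permission error.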
Workaround
We've manually patched all 34 .lock.yml files in gh-aw-firewall PR #2555, but this will regress on every recompile until the compiler template is fixed.
References