From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 3D7EA10B18;
	Wed, 03 Dec 2025 15:55:59 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 3A86010A52; Wed, 03 Dec 2025 15:55:52 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1
Received: from mail-yx1-xb135.google.com (mail-yx1-xb135.google.com
 [IPv6:2607:f8b0:4864:20::b135])
	by atuin.qyliss.net (Postfix) with ESMTPS id C08C810A51
	for <devel@spectrum-os.org>; Wed, 03 Dec 2025 15:55:51 +0000 (UTC)
Received: by mail-yx1-xb135.google.com with SMTP id
 956f58d0204a3-641e942242cso6681639d50.1
        for <devel@spectrum-os.org>; Wed, 03 Dec 2025 07:55:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1764777349; x=1765382149;
 darn=spectrum-os.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=coyHoU3HnZW8Ueht2wWMS0eWWB9G4DgeSuU6DEndg6w=;
        b=O992xk96hwkNxNvfg1Br0Vz1UwJUZY0WzpJaV/aESJG7D0NFYczTqWCG80bDDtwfUq
         RGd7nbZPaEKuQHjdBJrwC7iUtShpSjG0CZ91iWfb8BTKSExDyejGVVyonNH1pTV1BJ2r
         n6emRvwm8TsStkljTV8S54TYOcgNz/jYVTHcisYjLHvUdy7P8T4R05pdpiAUkIUcFD6U
         DDVkbJ9YEMeqrMC7EoLesWEnb7VGHkmxTzhCGvtLAhGyb7DtdBpgvaUb/8F6Wil0EN6E
         G6cY/EEFNdUOfOhgJXBUFW+DqhmiXxZxHvKOL103ZW7wGnBHS3zWBSKxrUN9tohtpD8M
         U6Fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1764777349; x=1765382149;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=coyHoU3HnZW8Ueht2wWMS0eWWB9G4DgeSuU6DEndg6w=;
        b=QMBMsRh2LBmy2+Or8vToJY3iyiuxEs19jdR9A/FSbuEpT/IX0Dmr2N5pzdd+6bxjeP
         srBaMmYLCevO9fCUO/aCS/+fLvm9B+US8UvMfgm9UZ5f9AAGmX6y3l9ERWFfOlc11QWm
         j8gCJFmfVbSjXy8H2QXasTuy2ZUixh6CARTYH+sU2REey4SZyViqmh/2WbcWO16IReVR
         aEOiA+UyBM2ombwcMs4cctWJvdIpUDpdQQNLNvRpemoKWSsjjHdBgoEOYMRbVX/XYPY1
         lDxT7zqqns58mBcFeO95smnYnJHipTsi4XQux86xhitV7HPtpl25NidkKJWjqUMwmxBg
         DQ1w==
X-Gm-Message-State: AOJu0YxMTWjUFjLzCIQp+mpDhdw9n804zuWeEKOoTiXxLpqU56rqAT1i
	G5225+VsqPFfjzPRojEvST+VjO/pwU5C2N+OXEP2mlBKM85yF2a5x8GTGpUevA==
X-Gm-Gg: ASbGncsh5Ry/S07jMXPw2S1t0X4KgjfM0461K/PiUDx8o2HILUdTmViJVb7T83v03QS
	tmCNj+C78LM+G8WQMmg+MGpQ3WZwy4AVZsQC8L5BrwUTvky6omLTadxrOhHJkFJaSYUnSKW0+HC
	lEmvnkjQfE2itE3eZdz6NR+tHHHNxoA0p/gC+wUoP6uUZYSIgQhlGIzNI+VhmPOA6A9WckCfCtK
	R2DiJI0StWtgAZXmS7C1kTLIVN2VmjgESf99YwdEKj9wRcQTeCHajRYeWddEIb+Ea2TQB14NBn8
	0q67tD0YJQF3PdWFwrKtFdPjyH3rhoM4JcRusDU/sQwVX++eMJziJsuSMWwXQyRHDRcCEXkjSbw
	xjizOLtrM04R1oTMPrVr4xsmXRw657tguJh2vI4Ikm3fPlZcXVJa3QUFfrDyCYtkTl8O7RxKnd3
	2kgqSgNy6mSMLjoBiU6OUE/qWJNHeO4rISz7ZmNXBho3wnsXGWTDbrls3pCYDSyvmjQGYHoiQL3
	aK9Re9d6vcVvP3FzxtplWUG4Oy2STaPHAQ=
X-Google-Smtp-Source: 
 AGHT+IEppMb4ZSSqlo5qVTX7UqcXWZ4j4DoEcSW/pkW5qRjPN370Jt+PMqNAwDpS7TdHqotLM6IJWQ==
X-Received: by 2002:a05:690e:4144:b0:640:db91:33d6 with SMTP id
 956f58d0204a3-64436f8e309mr1957971d50.8.1764777349184;
        Wed, 03 Dec 2025 07:55:49 -0800 (PST)
Received: from localhost.localdomain
 (h96-60-249-169.cncrtn.broadband.dynamic.tds.net. [96.60.249.169])
        by smtp.gmail.com with UTF8SMTPSA id
 00721157ae682-78ad0d5fe74sm74599707b3.16.2025.12.03.07.55.48
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 03 Dec 2025 07:55:48 -0800 (PST)
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Wed, 03 Dec 2025 10:54:57 -0500
Subject: [PATCH v3 3/5] host/rootfs: Unshare a few more namespaces in
 virtiofsd
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20251203-sandbox-v3-3-f16ae06a251e@gmail.com>
References: <20251203-sandbox-v3-0-f16ae06a251e@gmail.com>
In-Reply-To: <20251203-sandbox-v3-0-f16ae06a251e@gmail.com>
To: Spectrum OS Development <devel@spectrum-os.org>
X-Mailer: b4 0.14.3
X-Developer-Signature: v=1; a=ed25519-sha256; t=1764777294; l=1069;
 i=demiobenour@gmail.com; s=20250729; h=from:subject:message-id;
 bh=3Kx19LfmqXD9fGe+RFQpTpDKwMIinU17RxOURwcEwko=;
 b=cSjF+uHz5j+wckzc2e7kZDIlQ4y0l29tZZjqrqgUVLoWf1iKEuSelhbc4UL8AjeQWSOr5ZdvW
 i3YSEiqJiYwDiZ7AOFv0BKJVbv3BUo6b/IlC76mvBbP+CA4+kRCV2dN
X-Developer-Key: i=demiobenour@gmail.com; a=ed25519;
 pk=X57Q4/YQDj9t4SBeKaDwvXYKB6quZJVx/DE2Ly2out0=
Message-ID-Hash: O4QJFOTSZLZTWQ7BZU7WYJ5I2N2BZC3T
X-Message-ID-Hash: O4QJFOTSZLZTWQ7BZU7WYJ5I2N2BZC3T
X-MailFrom: demiobenour@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>, Alyssa Ross <hi@alyssa.is>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/O4QJFOTSZLZTWQ7BZU7WYJ5I2N2BZC3T/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

It doesn't need to share IPC, UTS, or cgroup namespaces.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
 .../service/vm-services/template/data/service/vhost-user-fs/run         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run
index bfe66f4607ab07884488df35691ba1c202b26e8e..6bd69ad944a464294ad9a3268c8a63482c7e8040 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run
@@ -13,6 +13,6 @@ export TMPDIR /run
 importas -i VM VM
 
 nsenter --mount=${VM}/mount
-unshare -U --map-user 1000 --map-group 1000
+unshare -U --map-user 1000 --map-group 1000 --uts --ipc --cgroup
 
 virtiofsd --fd 3 --shared-dir ${VM}/fs

-- 
2.52.0