From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id BDE771375A;
	Thu, 04 Dec 2025 02:22:02 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 03E17136A9; Thu, 04 Dec 2025 02:21:53 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1
Received: from mail-yx1-xb12b.google.com (mail-yx1-xb12b.google.com
 [IPv6:2607:f8b0:4864:20::b12b])
	by atuin.qyliss.net (Postfix) with ESMTPS id E3E9413694
	for <devel@spectrum-os.org>; Thu, 04 Dec 2025 02:21:51 +0000 (UTC)
Received: by mail-yx1-xb12b.google.com with SMTP id
 956f58d0204a3-64107188baeso337997d50.3
        for <devel@spectrum-os.org>; Wed, 03 Dec 2025 18:21:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1764814909; x=1765419709;
 darn=spectrum-os.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=coyHoU3HnZW8Ueht2wWMS0eWWB9G4DgeSuU6DEndg6w=;
        b=VJfYu4hsXG8kIjQ1pxK0NEyxm8M1jeXntYppQZYEdZRKMymKBBWhiZWSkAlyDzD44k
         RDsfhSG6naRFXU9BZ1RZFfl+K+UIyn5zBSSVaflNtna1/dbVRZR9mY0wAofvUr5Oeabe
         /aj3j/fXolG/jnaTQLHGytuvXcvSxFAuK4SYYqq3HYGusqr8sPOrYDIO46cgTeCb3Dog
         qCSKnbCjN9KC+thdwdia8eEmsPCMeG82FjyS67KvEn3GeJvjE45SRXPgeJjQGh/WYxzN
         ETxlq/BG61Z4CaT6DtF0Z5NWxZYq40UyJ+ZC8MfXV5FJ1wot6dga6XpRYN7WEYS8mCYc
         x4ew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1764814909; x=1765419709;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=coyHoU3HnZW8Ueht2wWMS0eWWB9G4DgeSuU6DEndg6w=;
        b=EEuWUvwHo3PTp3PNSx/8opGcoiOYvP11QsUYn5oXRBr/whubRUbB4wuTBKjKNWP12d
         XcOB2JRUOPrMvWmz51Vufvz89Qka5MkXdFp400QHk5Pypzti4ibWPo6FRa+0p5MOls9l
         mpxy76nBfPlUwTKmbyhDVmzSRl0quoaAfrz388Tu/Jsw/alnpAKEZxRE+Y9NRWtiJKbg
         KJKCPEOmOqNT9eD3IkL756sgB5Pk4S+FdlHw+amTBP9gdJKNO9t/sbuGyjw3DbM6wzzC
         owdX/fJfbVwFC2/B2UQb3cjay9bc+WgHOEs8e0HLU/D+8ucAYrT0dyN/IvsuKBLAnf4K
         9SiQ==
X-Gm-Message-State: AOJu0YxWrPZ7QejFojAtfSZiPPBAm30ntziretIqYpp/SATOSpM9q1rn
	mcgLVl/wNd96BdDWQ3I8y1MVjZjxLFeAHVLMNCSEHUn2W56OhY8Iy2M7MTXHwA==
X-Gm-Gg: ASbGncvYnDpQ7zMShrh4dxz4hV6jxxup5K8JxAAN/p/Nvme7oOkumqrg2xmxnjdBJD0
	6snQ43p7iVnRb/jZA8u9O9QCSG7cZ9V46ccnxT/w7W9aLv61nNl/OzJb0JwVqOEHOpXpP9WasxR
	tohsS2DHgf4GMbbiil6xXy9fMGzR4pE3rI+vKCb/XUYHKOTIu3DOgSzQoq4/H+1msj6/fgimHzX
	Pp2i/T7pu6Z9ZRM8XEuPDEgdXxGUeCyYoMFWhaMhZCH+RlQtWkLmFYvvauR68Sioak7XalkH26u
	rg25noD+MLyElFNoxLZzRxNyWn52utx0Pt0/xjs+WuyxdouFDK+bN/kJWcbAQwNNDy8/0JEtVYh
	bnXkIlBg3/zaGxVA6/fWk2qAGggmPPwHRBj7V1wNdILWhRXmafcNq0vBOfbVuO7mEOXgoNtrOlP
	4KWRTfp3hwXKVgtOZdQHUen19jjNltOEjDZGH3ARIRPNklg29NBlaeCYle6OE/oSgOCKV0xlqwf
	cGNBxuy3Yw7nJV0g5w7vLAnGGnouYVh5snMLsp4LTxErQ==
X-Google-Smtp-Source: 
 AGHT+IH3uIxNFhIAw+Z5y0s5xZfnCrhIaIreIn/qOSbBUROeT6sGodl7H85uC5DjeOqm4tJqRcINNg==
X-Received: by 2002:a05:690c:680c:b0:78a:6fb9:42f6 with SMTP id
 00721157ae682-78c0bf532b9mr38372367b3.28.1764814909283;
        Wed, 03 Dec 2025 18:21:49 -0800 (PST)
Received: from localhost.localdomain
 (h96-60-249-169.cncrtn.broadband.dynamic.tds.net. [96.60.249.169])
        by smtp.gmail.com with UTF8SMTPSA id
 00721157ae682-78c1b7795a7sm736947b3.34.2025.12.03.18.21.48
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 03 Dec 2025 18:21:48 -0800 (PST)
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Wed, 03 Dec 2025 21:20:40 -0500
Subject: [PATCH v4 3/6] host/rootfs: Unshare a few more namespaces in
 virtiofsd
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20251203-sandbox-v4-3-71542a7dcf5c@gmail.com>
References: <20251203-sandbox-v4-0-71542a7dcf5c@gmail.com>
In-Reply-To: <20251203-sandbox-v4-0-71542a7dcf5c@gmail.com>
To: Spectrum OS Development <devel@spectrum-os.org>
X-Mailer: b4 0.14.3
X-Developer-Signature: v=1; a=ed25519-sha256; t=1764814837; l=1069;
 i=demiobenour@gmail.com; s=20250729; h=from:subject:message-id;
 bh=3Kx19LfmqXD9fGe+RFQpTpDKwMIinU17RxOURwcEwko=;
 b=tkdFEGwKK3X0NECzGRrBqqTuyVvjSQUOTi9i2Jl4uUZ9YHVY3nel+wQ+ebtejg3W06fHjNvxj
 jS+FE7RHMHHDv29MgTJfpFdWUcEuJjTvxm618z6n9VBsbOobbIpTmhI
X-Developer-Key: i=demiobenour@gmail.com; a=ed25519;
 pk=X57Q4/YQDj9t4SBeKaDwvXYKB6quZJVx/DE2Ly2out0=
Message-ID-Hash: BGLADRFQRMF7IC674FMEJ7L6C6VV7D4S
X-Message-ID-Hash: BGLADRFQRMF7IC674FMEJ7L6C6VV7D4S
X-MailFrom: demiobenour@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>, Alyssa Ross <hi@alyssa.is>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/BGLADRFQRMF7IC674FMEJ7L6C6VV7D4S/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

It doesn't need to share IPC, UTS, or cgroup namespaces.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
---
 .../service/vm-services/template/data/service/vhost-user-fs/run         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run
index bfe66f4607ab07884488df35691ba1c202b26e8e..6bd69ad944a464294ad9a3268c8a63482c7e8040 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-fs/run
@@ -13,6 +13,6 @@ export TMPDIR /run
 importas -i VM VM
 
 nsenter --mount=${VM}/mount
-unshare -U --map-user 1000 --map-group 1000
+unshare -U --map-user 1000 --map-group 1000 --uts --ipc --cgroup
 
 virtiofsd --fd 3 --shared-dir ${VM}/fs

-- 
2.52.0