From: Alyssa Ross
To: devel@spectrum-os.org
Subject: [PATCH v2 1/2] vm/app/systemd-sysupdate: fix mounting overlay
Date: Mon, 8 Dec 2025 22:03:15 +0100
Message-ID: <20251208210416.426243-2-hi@alyssa.is>
CC: Demi Marie Obenour, Johannes Süllner

This assumed it would be run as root, so has been broken since we
stopped running application scripts as root inside img/app VMs.

Reported-by: Johannes Süllner
Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOqzJswkwzgYyQLKpbfDDp0uo6k?via=fairydust.space&via=matrix.org&via=dataaturservice.se
Fixes: 8bfcbf9 ("img/app: run applications as non-root")
Signed-off-by: Alyssa Ross
---
v2: remove redundant -U flag
v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251208154738.300709-1-hi@alyssa.is/

 vm/app/systemd-sysupdate/download-update | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update index eada41c..f8f5aed 100755 --- a/vm/app/systemd-sysupdate/download-update +++ b/vm/app/systemd-sysupdate/download-update
@@ -3,6 +3,7 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour export LC_ALL C export LANGUAGE C +unshare -mr if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc } backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX } # Not a useless use of cat: if there are NUL bytes in the URL base-commit: 5104fa720ce8b00612c5487fc47124fbf99e58c6 -- 2.51.0
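
Review bot: The added `unshare -mr` line carries no comment, and in this script it changes the context of everything chained after it, not only the `mount`: `if { mount -toverlay ... overlay /etc }`, `backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX }` and the rest of the file now run in a new mount namespace and in a user namespace where the caller is mapped to root. A short comment above the line saying that the script runs as a non-root user and that the /etc overlay is deliberately private to this process tree would make that intent explicit. It is also worth confirming that none of the later steps depend on seeing the real uid, since inside the namespace they will see uid 0, and that the script's caller handles the case where `unshare` itself fails because unprivileged user namespaces are unavailable in the VM.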