[PATCH 1/5] host/rootfs: make passwd and group links into /run

[PATCH 1/5] host/rootfs: make passwd and group links into /run

[Alyssa Ross]

This will allow us to give shadow's useradd /run as a prefix, and have
it be able to add users at runtime.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/file-list.mk                         |  6 ++++--
 host/rootfs/image/etc/group                      | 16 +---------------
 host/rootfs/image/etc/passwd                     |  2 +-
 .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
 .../run-image/etc}/group.license                 |  0
 .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
 .../run-image/etc}/passwd.license                |  0
 7 files changed, 6 insertions(+), 18 deletions(-)
 mode change 100644 => 120000 host/rootfs/image/etc/group
 mode change 100644 => 120000 host/rootfs/image/etc/passwd
 copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
 rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
 copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
 rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)

diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
index df22bce..6ab78e6 100644
--- a/host/rootfs/file-list.mk
+++ b/host/rootfs/file-list.mk
@@ -4,13 +4,13 @@
 FILES = \
 	image/etc/fonts/fonts.conf \
 	image/etc/fstab \
-	image/etc/group \
 	image/etc/init \
 	image/etc/login \
 	image/etc/parse-devname \
-	image/etc/passwd \
 	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
 	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
+	image/etc/s6-linux-init/run-image/etc/group \
+	image/etc/s6-linux-init/run-image/etc/passwd \
 	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
 	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
 	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
@@ -68,6 +68,8 @@ FILES = \
 
 LINKS = \
 	image/bin \
+	image/etc/group \
+	image/etc/passwd \
 	image/etc/s6-linux-init/run-image/opengl-driver \
 	image/etc/s6-linux-init/run-image/service/vmm/template/run \
 	image/lib \
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
deleted file mode 100644
index e3ade46..0000000
--- a/host/rootfs/image/etc/group
+++ /dev/null
@@ -1,15 +0,0 @@
-root:x:0:root
-clock:x:1:
-dialout:x:2:
-kmem:x:3:
-input:x:4:
-tty:x:5:
-video:x:6:
-render:x:7:
-sgx:x:8:
-audio:x:9:
-lp:x:10:
-disk:x:11:
-cdrom:x:12:
-tape:x:13:
-kvm:x:14:
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
new file mode 120000
index 0000000..a9b248e
--- /dev/null
+++ b/host/rootfs/image/etc/group
@@ -0,0 +1 @@
+/run/etc/group
\ No newline at end of file
diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
deleted file mode 100644
index 29f3b25..0000000
--- a/host/rootfs/image/etc/passwd
+++ /dev/null
@@ -1 +0,0 @@
-root:x:0:0:System administrator:/:/bin/sh
diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
new file mode 120000
index 0000000..889bb76
--- /dev/null
+++ b/host/rootfs/image/etc/passwd
@@ -0,0 +1 @@
+/run/etc/passwd
\ No newline at end of file
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
similarity index 100%
copy from host/rootfs/image/etc/group
copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
similarity index 100%
rename from host/rootfs/image/etc/group.license
rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
similarity index 100%
copy from host/rootfs/image/etc/passwd
copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
similarity index 100%
rename from host/rootfs/image/etc/passwd.license
rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license

base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
-- 
2.51.0

[PATCH 2/5] host/rootfs: install shadow

[Alyssa Ross]

Busybox's adduser is hardcoded to operate on /etc/passwd and create
/etc/passwd+ as a temporary file, which won't work for us with
read-only /.  Shadow's useradd supports specifying a prefix, so it
will be able to operate on /run/etc/passwd and create sibling
temporary files.  This will let us create new users at runtime.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/busybox-config |  3 +++
 host/rootfs/default.nix    | 11 ++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/host/rootfs/busybox-config b/host/rootfs/busybox-config
index f2fd5fc..1868773 100644
--- a/host/rootfs/busybox-config
+++ b/host/rootfs/busybox-config
@@ -11,6 +11,7 @@ CONFIG_CHATTR n
 CONFIG_CHCPU n
 CONFIG_CHMEM n
 CONFIG_CHOOM n
+CONFIG_CHPASSWD n
 CONFIG_CHRT n
 CONFIG_COLCRT n
 CONFIG_COLRM n
@@ -57,6 +58,7 @@ CONFIG_LDATTACH n
 CONFIG_LINUX32 n
 CONFIG_LINUX64 n
 CONFIG_LOGGER n
+CONFIG_LOGIN n
 CONFIG_LOOK n
 CONFIG_LOSETUP n
 CONFIG_LSATTR n
@@ -88,6 +90,7 @@ CONFIG_NAMEI n
 CONFIG_NOLOGIN n
 CONFIG_NSENTER n
 CONFIG_PARTX n
+CONFIG_PASSWD n
 CONFIG_PIPESZ n
 CONFIG_PIVOT_ROOT n
 CONFIG_POWEROFF n
diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index abdd8b2..d86d8cc 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -13,7 +13,7 @@ pkgsMusl.callPackage (
 , btrfs-progs, bubblewrap, busybox, cloud-hypervisor, cosmic-files
 , crosvm, cryptsetup, dejavu_fonts, dbus, execline, foot, fuse3
 , iproute2, inotify-tools, jq, kmod, mdevd, mesa, mount-flatpak, s6
-, s6-linux-init, socat, systemd, util-linuxMinimal, virtiofsd
+, s6-linux-init, shadow, socat, systemd, util-linuxMinimal, virtiofsd
 , westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk
 , xdg-desktop-portal-spectrum-host
 }:
@@ -27,8 +27,8 @@ let
   packages = [
     btrfs-progs bubblewrap cloud-hypervisor cosmic-files crosvm cryptsetup dbus
     execline fuse3 inotify-tools iproute2 jq kmod mdevd mount-flatpak s6
-    s6-linux-init s6-rc socat spectrum-host-tools spectrum-router
-    util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host
+    s6-linux-init s6-rc shadow socat spectrum-host-tools spectrum-router
+    virtiofsd xdg-desktop-portal-spectrum-host
 
     (foot.override { allowPgo = false; })
 
@@ -36,6 +36,11 @@ let
       # Use a separate file as it is a bit too big.
       extraConfig = builtins.readFile ./busybox-config;
     })
+
+    (util-linuxMinimal.overrideAttrs ({ configureFlags ? [], ... }: {
+      # Conflicts with shadow.
+      configureFlags = configureFlags ++ [ "--disable-nologin" ];
+    }))
   ];
 
   nixosAllHardware = nixos ({ modulesPath, ... }: {
-- 
2.51.0

[PATCH 3/5] host/rootfs: move Wayland out of XDG_RUNTIME_DIR

[Alyssa Ross]

XDG_RUNTIME_DIR doesn't play well with running the compositor as a
different user to clients.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY     | 2 +-
 .../vm-services/template/data/service/vhost-user-gpu/run    | 6 ++++--
 host/rootfs/image/etc/s6-rc/weston/run                      | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY b/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY
index 5ff1a40..bbd390c 100644
--- a/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY
+++ b/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY
@@ -1 +1 @@
-wayland-1
+/run/wayland
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
index 73d6cae..6ee9959 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
@@ -5,12 +5,14 @@
 
 s6-ipcserver -1a 0700 -c 1 -b 1 env/crosvm.sock
 
+importas -Si WAYLAND_DISPLAY
+
 bwrap
   --unshare-all
   # --unshare-all only implies --unshare-user-try.
   # Make this more than a "try".
   --unshare-user
-  --bind /run/user/0/wayland-1 /run/user/0/wayland-1
+  --bind $WAYLAND_DISPLAY $WAYLAND_DISPLAY
   --ro-bind /usr /usr
   --ro-bind /lib /lib
   --tmpfs /tmp
@@ -35,5 +37,5 @@ bwrap
   --
 crosvm --no-syslog device gpu
   --fd 0
-  --wayland-sock /run/user/0/wayland-1
+  --wayland-sock $WAYLAND_DISPLAY
   --params "{\"context-types\":\"cross-domain\"}"
diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index 41e42e6..1647990 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
 
-unexport WAYLAND_DISPLAY
+importas -Siu WAYLAND_DISPLAY
 
 if { mkdir -p -m 0700 /run/user/0 }
 
@@ -18,4 +18,4 @@ importas -i home HOME
 cd $home
 if { udevadm wait /dev/dri/card0 }
 unshare --cgroup --ipc --net --uts
-weston
+weston -S $WAYLAND_DISPLAY
-- 
2.51.0

[PATCH 4/5] host/rootfs: weston: add XDG_RUNTIME_DIR note

[Alyssa Ross]

There's no need to set this any more except that Weston checks for its
validity overenthusiastically.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-rc/weston/run | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index 1647990..aa1e7b6 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -1,9 +1,11 @@
 #!/bin/execlineb -P
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021, 2025 Alyssa Ross <hi@alyssa.is>
 
 importas -Siu WAYLAND_DISPLAY
 
+# Workaround for
+# https://gitlab.freedesktop.org/wayland/weston/-/merge_requests/1911
 if { mkdir -p -m 0700 /run/user/0 }
 
 backtick USER { id -un }
-- 
2.51.0

[PATCH 5/5] host/rootfs: add wayland group

[Alyssa Ross]

This will allow clients running as unprivileged users to connect to
the compositor.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
 host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
index e3ade46..fe72eb7 100644
--- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
@@ -13,3 +13,4 @@ disk:x:11:
 cdrom:x:12:
 tape:x:13:
 kvm:x:14:
+wayland:x:15:
diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index aa1e7b6..7cb182f 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -20,4 +20,9 @@ importas -i home HOME
 cd $home
 if { udevadm wait /dev/dri/card0 }
 unshare --cgroup --ipc --net --uts
+
+s6-envuidgid root
+s6-envuidgid -g wayland
+s6-applyuidgid -Uz
+umask 002
 weston -S $WAYLAND_DISPLAY
-- 
2.51.0

[PATCH 6/6] host/rootfs: run crosvm device gpu as non-root

[Alyssa Ross]

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 .../template/data/service/vhost-user-gpu/run          | 11 +++++++++--
 host/rootfs/image/usr/bin/run-appimage                |  1 +
 host/rootfs/image/usr/bin/run-flatpak                 |  1 +
 host/rootfs/image/usr/bin/vm-import                   |  1 +
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
index 6ee99599..1341691b 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
@@ -3,9 +3,16 @@
 # SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
 # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
 
-s6-ipcserver -1a 0700 -c 1 -b 1 env/crosvm.sock
+s6-ipcserver-socketbinder -a 0700 -b 1 env/crosvm.sock
 
-importas -Si WAYLAND_DISPLAY
+multisubstitute {
+  importas -Siu VM
+  importas -Si WAYLAND_DISPLAY
+}
+
+s6-envuidgid gpu-${VM}
+s6-applyuidgid -UzG 15 # wayland
+s6-ipcserverd -1c 1
 
 bwrap
   --unshare-all
diff --git a/host/rootfs/image/usr/bin/run-appimage b/host/rootfs/image/usr/bin/run-appimage
index f2fe7bc2..36f57b85 100755
--- a/host/rootfs/image/usr/bin/run-appimage
+++ b/host/rootfs/image/usr/bin/run-appimage
@@ -4,6 +4,7 @@
 
 backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
 backtick -E id { basename -- $dir }
+if { useradd -P /run -Urd / -s /bin/nologin gpu-${id} }
 
 if { mkdir -p /run/configs/${id}/fs }
 
diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak
index d7914a7a..2ef20433 100755
--- a/host/rootfs/image/usr/bin/run-flatpak
+++ b/host/rootfs/image/usr/bin/run-flatpak
@@ -4,6 +4,7 @@
 
 backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
 backtick -E id { basename -- $dir }
+if { useradd -P /run -Urd / -s /bin/nologin gpu-${id} }
 
 if {
   elgetpositionals
diff --git a/host/rootfs/image/usr/bin/vm-import b/host/rootfs/image/usr/bin/vm-import
index c1d1bbc1..19a0df36 100755
--- a/host/rootfs/image/usr/bin/vm-import
+++ b/host/rootfs/image/usr/bin/vm-import
@@ -9,6 +9,7 @@ forx -po0 -E name { $names }
 
 backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
 backtick -E id { basename -- $dir }
+if { useradd -P /run -Urd / -s /bin/nologin gpu-${id} }
 
 if { ln -s -- ${dir} /run/vm/by-name/${1}.${name} }
 if { ln -s -- ${2}/${name} ${dir}/config }
-- 
2.51.0

Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run

[Demi Marie Obenour]

[-- Attachment #1.1.1: Type: text/plain, Size: 4633 bytes --]

On 12/9/25 03:56, Alyssa Ross wrote:
> This will allow us to give shadow's useradd /run as a prefix, and have
> it be able to add users at runtime.
> 
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
>  host/rootfs/file-list.mk                         |  6 ++++--
>  host/rootfs/image/etc/group                      | 16 +---------------
>  host/rootfs/image/etc/passwd                     |  2 +-
>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>  .../run-image/etc}/group.license                 |  0
>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>  .../run-image/etc}/passwd.license                |  0

Is git somehow generating wrong diffstats?

>  7 files changed, 6 insertions(+), 18 deletions(-)
>  mode change 100644 => 120000 host/rootfs/image/etc/group
>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
> 
> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
> index df22bce..6ab78e6 100644
> --- a/host/rootfs/file-list.mk
> +++ b/host/rootfs/file-list.mk
> @@ -4,13 +4,13 @@
>  FILES = \
>  	image/etc/fonts/fonts.conf \
>  	image/etc/fstab \
> -	image/etc/group \
>  	image/etc/init \
>  	image/etc/login \
>  	image/etc/parse-devname \
> -	image/etc/passwd \
>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
> +	image/etc/s6-linux-init/run-image/etc/group \
> +	image/etc/s6-linux-init/run-image/etc/passwd \
>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
> @@ -68,6 +68,8 @@ FILES = \
>  
>  LINKS = \
>  	image/bin \
> +	image/etc/group \
> +	image/etc/passwd \
>  	image/etc/s6-linux-init/run-image/opengl-driver \
>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>  	image/lib \
> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
> deleted file mode 100644
> index e3ade46..0000000
> --- a/host/rootfs/image/etc/group
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -root:x:0:root
> -clock:x:1:
> -dialout:x:2:
> -kmem:x:3:
> -input:x:4:
> -tty:x:5:
> -video:x:6:
> -render:x:7:
> -sgx:x:8:
> -audio:x:9:
> -lp:x:10:
> -disk:x:11:
> -cdrom:x:12:
> -tape:x:13:
> -kvm:x:14:

Why is this file deleted and not renamed?

> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
> new file mode 120000
> index 0000000..a9b248e
> --- /dev/null
> +++ b/host/rootfs/image/etc/group
> @@ -0,0 +1 @@
> +/run/etc/group

../run/etc/group?

> \ No newline at end of file
> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
> deleted file mode 100644
> index 29f3b25..0000000
> --- a/host/rootfs/image/etc/passwd
> +++ /dev/null
> @@ -1 +0,0 @@
> -root:x:0:0:System administrator:/:/bin/sh
> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
> new file mode 120000
> index 0000000..889bb76
> --- /dev/null
> +++ b/host/rootfs/image/etc/passwd
> @@ -0,0 +1 @@
> +/run/etc/passwd

../run/etc/passwd?

> \ No newline at end of file
> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> similarity index 100%
> copy from host/rootfs/image/etc/group
> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
> similarity index 100%
> rename from host/rootfs/image/etc/group.license
> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
> similarity index 100%
> copy from host/rootfs/image/etc/passwd
> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
> similarity index 100%
> rename from host/rootfs/image/etc/passwd.license
> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
> 
> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409


-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 5/5] host/rootfs: add wayland group

[Demi Marie Obenour]

[-- Attachment #1.1.1: Type: text/plain, Size: 1370 bytes --]

On 12/9/25 03:56, Alyssa Ross wrote:
> This will allow clients running as unprivileged users to connect to
> the compositor.
> 
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>  2 files changed, 6 insertions(+)
> 
> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> index e3ade46..fe72eb7 100644
> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> @@ -13,3 +13,4 @@ disk:x:11:
>  cdrom:x:12:
>  tape:x:13:
>  kvm:x:14:
> +wayland:x:15:
> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
> index aa1e7b6..7cb182f 100644
> --- a/host/rootfs/image/etc/s6-rc/weston/run
> +++ b/host/rootfs/image/etc/s6-rc/weston/run
> @@ -20,4 +20,9 @@ importas -i home HOME
>  cd $home
>  if { udevadm wait /dev/dri/card0 }
>  unshare --cgroup --ipc --net --uts
> +
> +s6-envuidgid root
> +s6-envuidgid -g wayland
> +s6-applyuidgid -Uz
> +umask 002
>  weston -S $WAYLAND_DISPLAY

Can the socket be chmod'd after Weston starts?  Running with 002
umask is not great.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run

[Alyssa Ross]

[-- Attachment #1: Type: text/plain, Size: 5057 bytes --]

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/9/25 03:56, Alyssa Ross wrote:
>> This will allow us to give shadow's useradd /run as a prefix, and have
>> it be able to add users at runtime.
>> 
>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>> ---
>>  host/rootfs/file-list.mk                         |  6 ++++--
>>  host/rootfs/image/etc/group                      | 16 +---------------
>>  host/rootfs/image/etc/passwd                     |  2 +-
>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>  .../run-image/etc}/group.license                 |  0
>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>  .../run-image/etc}/passwd.license                |  0
>
> Is git somehow generating wrong diffstats?

It just generates extremely confusing output when you replace a file
with a symlink.

>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>> 
>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>> index df22bce..6ab78e6 100644
>> --- a/host/rootfs/file-list.mk
>> +++ b/host/rootfs/file-list.mk
>> @@ -4,13 +4,13 @@
>>  FILES = \
>>  	image/etc/fonts/fonts.conf \
>>  	image/etc/fstab \
>> -	image/etc/group \
>>  	image/etc/init \
>>  	image/etc/login \
>>  	image/etc/parse-devname \
>> -	image/etc/passwd \
>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>> +	image/etc/s6-linux-init/run-image/etc/group \
>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>> @@ -68,6 +68,8 @@ FILES = \
>>  
>>  LINKS = \
>>  	image/bin \
>> +	image/etc/group \
>> +	image/etc/passwd \
>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>  	image/lib \
>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>> deleted file mode 100644
>> index e3ade46..0000000
>> --- a/host/rootfs/image/etc/group
>> +++ /dev/null
>> @@ -1,15 +0,0 @@
>> -root:x:0:root
>> -clock:x:1:
>> -dialout:x:2:
>> -kmem:x:3:
>> -input:x:4:
>> -tty:x:5:
>> -video:x:6:
>> -render:x:7:
>> -sgx:x:8:
>> -audio:x:9:
>> -lp:x:10:
>> -disk:x:11:
>> -cdrom:x:12:
>> -tape:x:13:
>> -kvm:x:14:
>
> Why is this file deleted and not renamed?

git considers it a copy (see below) followed by a deletion and
replacement with symlink.  It is, effectively, renamed.

>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>> new file mode 120000
>> index 0000000..a9b248e
>> --- /dev/null
>> +++ b/host/rootfs/image/etc/group
>> @@ -0,0 +1 @@
>> +/run/etc/group
>
> ../run/etc/group?

Okay, makes sense.

>> \ No newline at end of file
>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>> deleted file mode 100644
>> index 29f3b25..0000000
>> --- a/host/rootfs/image/etc/passwd
>> +++ /dev/null
>> @@ -1 +0,0 @@
>> -root:x:0:0:System administrator:/:/bin/sh
>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>> new file mode 120000
>> index 0000000..889bb76
>> --- /dev/null
>> +++ b/host/rootfs/image/etc/passwd
>> @@ -0,0 +1 @@
>> +/run/etc/passwd
>
> ../run/etc/passwd?
>
>> \ No newline at end of file
>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>> similarity index 100%
>> copy from host/rootfs/image/etc/group
>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>> similarity index 100%
>> rename from host/rootfs/image/etc/group.license
>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>> similarity index 100%
>> copy from host/rootfs/image/etc/passwd
>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>> similarity index 100%
>> rename from host/rootfs/image/etc/passwd.license
>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>> 
>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>
>
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH 5/5] host/rootfs: add wayland group

[Alyssa Ross]

[-- Attachment #1: Type: text/plain, Size: 1534 bytes --]

On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
> On 12/9/25 03:56, Alyssa Ross wrote:
> > This will allow clients running as unprivileged users to connect to
> > the compositor.
> >
> > Signed-off-by: Alyssa Ross <hi@alyssa.is>
> > ---
> >  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
> >  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
> >  2 files changed, 6 insertions(+)
> >
> > diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > index e3ade46..fe72eb7 100644
> > --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > @@ -13,3 +13,4 @@ disk:x:11:
> >  cdrom:x:12:
> >  tape:x:13:
> >  kvm:x:14:
> > +wayland:x:15:
> > diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
> > index aa1e7b6..7cb182f 100644
> > --- a/host/rootfs/image/etc/s6-rc/weston/run
> > +++ b/host/rootfs/image/etc/s6-rc/weston/run
> > @@ -20,4 +20,9 @@ importas -i home HOME
> >  cd $home
> >  if { udevadm wait /dev/dri/card0 }
> >  unshare --cgroup --ipc --net --uts
> > +
> > +s6-envuidgid root
> > +s6-envuidgid -g wayland
> > +s6-applyuidgid -Uz
> > +umask 002
> >  weston -S $WAYLAND_DISPLAY
>
> Can the socket be chmod'd after Weston starts?  Running with 002
> umask is not great.

If we use sd-notify-adapter, then I think so, but it wouldn't be very
nice.

What's the problem with umask 002?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: [PATCH 5/5] host/rootfs: add wayland group

[Demi Marie Obenour]

[-- Attachment #1.1.1: Type: text/plain, Size: 2018 bytes --]

On 12/9/25 05:59, Alyssa Ross wrote:
> On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
>> On 12/9/25 03:56, Alyssa Ross wrote:
>>> This will allow clients running as unprivileged users to connect to
>>> the compositor.
>>>
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> ---
>>>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>>>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>>>  2 files changed, 6 insertions(+)
>>>
>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> index e3ade46..fe72eb7 100644
>>> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> @@ -13,3 +13,4 @@ disk:x:11:
>>>  cdrom:x:12:
>>>  tape:x:13:
>>>  kvm:x:14:
>>> +wayland:x:15:
>>> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
>>> index aa1e7b6..7cb182f 100644
>>> --- a/host/rootfs/image/etc/s6-rc/weston/run
>>> +++ b/host/rootfs/image/etc/s6-rc/weston/run
>>> @@ -20,4 +20,9 @@ importas -i home HOME
>>>  cd $home
>>>  if { udevadm wait /dev/dri/card0 }
>>>  unshare --cgroup --ipc --net --uts
>>> +
>>> +s6-envuidgid root
>>> +s6-envuidgid -g wayland
>>> +s6-applyuidgid -Uz
>>> +umask 002
>>>  weston -S $WAYLAND_DISPLAY
>>
>> Can the socket be chmod'd after Weston starts?  Running with 002
>> umask is not great.
> 
> If we use sd-notify-adapter, then I think so, but it wouldn't be very
> nice.

Using sd-notify-adapter is probably a good idea anyway, so that nothing
tries to connect to the socket before it is there to connect to.

> What's the problem with umask 002?

It means that any files created by the service are group-writable and
world-readable, which is almost never what one wants.  It means that
the service can't even trust a file it itself created.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run

[Demi Marie Obenour]

[-- Attachment #1.1.1: Type: text/plain, Size: 5426 bytes --]

On 12/9/25 05:57, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
> 
>> On 12/9/25 03:56, Alyssa Ross wrote:
>>> This will allow us to give shadow's useradd /run as a prefix, and have
>>> it be able to add users at runtime.
>>>
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> ---
>>>  host/rootfs/file-list.mk                         |  6 ++++--
>>>  host/rootfs/image/etc/group                      | 16 +---------------
>>>  host/rootfs/image/etc/passwd                     |  2 +-
>>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>>  .../run-image/etc}/group.license                 |  0
>>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>>  .../run-image/etc}/passwd.license                |  0
>>
>> Is git somehow generating wrong diffstats?
> 
> It just generates extremely confusing output when you replace a file
> with a symlink.
> 
>>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>>>
>>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>>> index df22bce..6ab78e6 100644
>>> --- a/host/rootfs/file-list.mk
>>> +++ b/host/rootfs/file-list.mk
>>> @@ -4,13 +4,13 @@
>>>  FILES = \
>>>  	image/etc/fonts/fonts.conf \
>>>  	image/etc/fstab \
>>> -	image/etc/group \
>>>  	image/etc/init \
>>>  	image/etc/login \
>>>  	image/etc/parse-devname \
>>> -	image/etc/passwd \
>>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>>> +	image/etc/s6-linux-init/run-image/etc/group \
>>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>>> @@ -68,6 +68,8 @@ FILES = \
>>>  
>>>  LINKS = \
>>>  	image/bin \
>>> +	image/etc/group \
>>> +	image/etc/passwd \
>>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>>  	image/lib \
>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>> deleted file mode 100644
>>> index e3ade46..0000000
>>> --- a/host/rootfs/image/etc/group
>>> +++ /dev/null
>>> @@ -1,15 +0,0 @@
>>> -root:x:0:root
>>> -clock:x:1:
>>> -dialout:x:2:
>>> -kmem:x:3:
>>> -input:x:4:
>>> -tty:x:5:
>>> -video:x:6:
>>> -render:x:7:
>>> -sgx:x:8:
>>> -audio:x:9:
>>> -lp:x:10:
>>> -disk:x:11:
>>> -cdrom:x:12:
>>> -tape:x:13:
>>> -kvm:x:14:
>>
>> Why is this file deleted and not renamed?
> 
> git considers it a copy (see below) followed by a deletion and
> replacement with symlink.  It is, effectively, renamed.
> 
>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>> new file mode 120000
>>> index 0000000..a9b248e
>>> --- /dev/null
>>> +++ b/host/rootfs/image/etc/group
>>> @@ -0,0 +1 @@
>>> +/run/etc/group
>>
>> ../run/etc/group?
> 
> Okay, makes sense.
> 
>>> \ No newline at end of file
>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>> deleted file mode 100644
>>> index 29f3b25..0000000
>>> --- a/host/rootfs/image/etc/passwd
>>> +++ /dev/null
>>> @@ -1 +0,0 @@
>>> -root:x:0:0:System administrator:/:/bin/sh
>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>> new file mode 120000
>>> index 0000000..889bb76
>>> --- /dev/null
>>> +++ b/host/rootfs/image/etc/passwd
>>> @@ -0,0 +1 @@
>>> +/run/etc/passwd
>>
>> ../run/etc/passwd?
>>
>>> \ No newline at end of file
>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> similarity index 100%
>>> copy from host/rootfs/image/etc/group
>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>> similarity index 100%
>>> rename from host/rootfs/image/etc/group.license
>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>> similarity index 100%
>>> copy from host/rootfs/image/etc/passwd
>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>> similarity index 100%
>>> rename from host/rootfs/image/etc/passwd.license
>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>
>>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>>
>>
>> -- 
>> Sincerely,
>> Demi Marie Obenour (she/her/hers)

Assuming I understood the diff correctly, and with relative symlinks:

Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 5/5] host/rootfs: add wayland group

[Alyssa Ross]

[-- Attachment #1: Type: text/plain, Size: 2270 bytes --]

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/9/25 05:59, Alyssa Ross wrote:
>> On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
>>> On 12/9/25 03:56, Alyssa Ross wrote:
>>>> This will allow clients running as unprivileged users to connect to
>>>> the compositor.
>>>>
>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>> ---
>>>>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>>>>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>>>>  2 files changed, 6 insertions(+)
>>>>
>>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> index e3ade46..fe72eb7 100644
>>>> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> @@ -13,3 +13,4 @@ disk:x:11:
>>>>  cdrom:x:12:
>>>>  tape:x:13:
>>>>  kvm:x:14:
>>>> +wayland:x:15:
>>>> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
>>>> index aa1e7b6..7cb182f 100644
>>>> --- a/host/rootfs/image/etc/s6-rc/weston/run
>>>> +++ b/host/rootfs/image/etc/s6-rc/weston/run
>>>> @@ -20,4 +20,9 @@ importas -i home HOME
>>>>  cd $home
>>>>  if { udevadm wait /dev/dri/card0 }
>>>>  unshare --cgroup --ipc --net --uts
>>>> +
>>>> +s6-envuidgid root
>>>> +s6-envuidgid -g wayland
>>>> +s6-applyuidgid -Uz
>>>> +umask 002
>>>>  weston -S $WAYLAND_DISPLAY
>>>
>>> Can the socket be chmod'd after Weston starts?  Running with 002
>>> umask is not great.
>> 
>> If we use sd-notify-adapter, then I think so, but it wouldn't be very
>> nice.
>
> Using sd-notify-adapter is probably a good idea anyway, so that nothing
> tries to connect to the socket before it is there to connect to.

Oh, right, we actually already have readiness notification via
/etc/xdg/weston/autolaunch.  It won't run as root soon, but we could
wait for that in the run script and do the chmod there.

>> What's the problem with umask 002?
>
> It means that any files created by the service are group-writable and
> world-readable, which is almost never what one wants.  It means that
> the service can't even trust a file it itself created.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run

[Alyssa Ross]

[-- Attachment #1: Type: text/plain, Size: 5795 bytes --]

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/9/25 05:57, Alyssa Ross wrote:
>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>> 
>>> On 12/9/25 03:56, Alyssa Ross wrote:
>>>> This will allow us to give shadow's useradd /run as a prefix, and have
>>>> it be able to add users at runtime.
>>>>
>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>> ---
>>>>  host/rootfs/file-list.mk                         |  6 ++++--
>>>>  host/rootfs/image/etc/group                      | 16 +---------------
>>>>  host/rootfs/image/etc/passwd                     |  2 +-
>>>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>>>  .../run-image/etc}/group.license                 |  0
>>>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>>>  .../run-image/etc}/passwd.license                |  0
>>>
>>> Is git somehow generating wrong diffstats?
>> 
>> It just generates extremely confusing output when you replace a file
>> with a symlink.
>> 
>>>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>>>>
>>>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>>>> index df22bce..6ab78e6 100644
>>>> --- a/host/rootfs/file-list.mk
>>>> +++ b/host/rootfs/file-list.mk
>>>> @@ -4,13 +4,13 @@
>>>>  FILES = \
>>>>  	image/etc/fonts/fonts.conf \
>>>>  	image/etc/fstab \
>>>> -	image/etc/group \
>>>>  	image/etc/init \
>>>>  	image/etc/login \
>>>>  	image/etc/parse-devname \
>>>> -	image/etc/passwd \
>>>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>>>> +	image/etc/s6-linux-init/run-image/etc/group \
>>>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>>>> @@ -68,6 +68,8 @@ FILES = \
>>>>  
>>>>  LINKS = \
>>>>  	image/bin \
>>>> +	image/etc/group \
>>>> +	image/etc/passwd \
>>>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>>>  	image/lib \
>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>> deleted file mode 100644
>>>> index e3ade46..0000000
>>>> --- a/host/rootfs/image/etc/group
>>>> +++ /dev/null
>>>> @@ -1,15 +0,0 @@
>>>> -root:x:0:root
>>>> -clock:x:1:
>>>> -dialout:x:2:
>>>> -kmem:x:3:
>>>> -input:x:4:
>>>> -tty:x:5:
>>>> -video:x:6:
>>>> -render:x:7:
>>>> -sgx:x:8:
>>>> -audio:x:9:
>>>> -lp:x:10:
>>>> -disk:x:11:
>>>> -cdrom:x:12:
>>>> -tape:x:13:
>>>> -kvm:x:14:
>>>
>>> Why is this file deleted and not renamed?
>> 
>> git considers it a copy (see below) followed by a deletion and
>> replacement with symlink.  It is, effectively, renamed.
>> 
>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>> new file mode 120000
>>>> index 0000000..a9b248e
>>>> --- /dev/null
>>>> +++ b/host/rootfs/image/etc/group
>>>> @@ -0,0 +1 @@
>>>> +/run/etc/group
>>>
>>> ../run/etc/group?
>> 
>> Okay, makes sense.
>> 
>>>> \ No newline at end of file
>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>> deleted file mode 100644
>>>> index 29f3b25..0000000
>>>> --- a/host/rootfs/image/etc/passwd
>>>> +++ /dev/null
>>>> @@ -1 +0,0 @@
>>>> -root:x:0:0:System administrator:/:/bin/sh
>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>> new file mode 120000
>>>> index 0000000..889bb76
>>>> --- /dev/null
>>>> +++ b/host/rootfs/image/etc/passwd
>>>> @@ -0,0 +1 @@
>>>> +/run/etc/passwd
>>>
>>> ../run/etc/passwd?
>>>
>>>> \ No newline at end of file
>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> similarity index 100%
>>>> copy from host/rootfs/image/etc/group
>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>> similarity index 100%
>>>> rename from host/rootfs/image/etc/group.license
>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>> similarity index 100%
>>>> copy from host/rootfs/image/etc/passwd
>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>> similarity index 100%
>>>> rename from host/rootfs/image/etc/passwd.license
>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>>
>>>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>>>
>>>
>>> -- 
>>> Sincerely,
>>> Demi Marie Obenour (she/her/hers)
>
> Assuming I understood the diff correctly, and with relative symlinks:
>
> Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>

Wait, actually, why do we want relative symlinks?  Previously I've used
them so you can follow the symlinks in the development tree, but that
doesn't work here anyway because there's obviously no run in the tree.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run

[Demi Marie Obenour]

[-- Attachment #1.1.1: Type: text/plain, Size: 6396 bytes --]

On 12/9/25 06:11, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
> 
>> On 12/9/25 05:57, Alyssa Ross wrote:
>>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>>
>>>> On 12/9/25 03:56, Alyssa Ross wrote:
>>>>> This will allow us to give shadow's useradd /run as a prefix, and have
>>>>> it be able to add users at runtime.
>>>>>
>>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>>> ---
>>>>>  host/rootfs/file-list.mk                         |  6 ++++--
>>>>>  host/rootfs/image/etc/group                      | 16 +---------------
>>>>>  host/rootfs/image/etc/passwd                     |  2 +-
>>>>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>>>>  .../run-image/etc}/group.license                 |  0
>>>>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>>>>  .../run-image/etc}/passwd.license                |  0
>>>>
>>>> Is git somehow generating wrong diffstats?
>>>
>>> It just generates extremely confusing output when you replace a file
>>> with a symlink.
>>>
>>>>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>>>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>>>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>>>>>
>>>>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>>>>> index df22bce..6ab78e6 100644
>>>>> --- a/host/rootfs/file-list.mk
>>>>> +++ b/host/rootfs/file-list.mk
>>>>> @@ -4,13 +4,13 @@
>>>>>  FILES = \
>>>>>  	image/etc/fonts/fonts.conf \
>>>>>  	image/etc/fstab \
>>>>> -	image/etc/group \
>>>>>  	image/etc/init \
>>>>>  	image/etc/login \
>>>>>  	image/etc/parse-devname \
>>>>> -	image/etc/passwd \
>>>>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>>>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>>>>> +	image/etc/s6-linux-init/run-image/etc/group \
>>>>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>>>>> @@ -68,6 +68,8 @@ FILES = \
>>>>>  
>>>>>  LINKS = \
>>>>>  	image/bin \
>>>>> +	image/etc/group \
>>>>> +	image/etc/passwd \
>>>>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>>>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>>>>  	image/lib \
>>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>>> deleted file mode 100644
>>>>> index e3ade46..0000000
>>>>> --- a/host/rootfs/image/etc/group
>>>>> +++ /dev/null
>>>>> @@ -1,15 +0,0 @@
>>>>> -root:x:0:root
>>>>> -clock:x:1:
>>>>> -dialout:x:2:
>>>>> -kmem:x:3:
>>>>> -input:x:4:
>>>>> -tty:x:5:
>>>>> -video:x:6:
>>>>> -render:x:7:
>>>>> -sgx:x:8:
>>>>> -audio:x:9:
>>>>> -lp:x:10:
>>>>> -disk:x:11:
>>>>> -cdrom:x:12:
>>>>> -tape:x:13:
>>>>> -kvm:x:14:
>>>>
>>>> Why is this file deleted and not renamed?
>>>
>>> git considers it a copy (see below) followed by a deletion and
>>> replacement with symlink.  It is, effectively, renamed.
>>>
>>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>>> new file mode 120000
>>>>> index 0000000..a9b248e
>>>>> --- /dev/null
>>>>> +++ b/host/rootfs/image/etc/group
>>>>> @@ -0,0 +1 @@
>>>>> +/run/etc/group
>>>>
>>>> ../run/etc/group?
>>>
>>> Okay, makes sense.
>>>
>>>>> \ No newline at end of file
>>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>>> deleted file mode 100644
>>>>> index 29f3b25..0000000
>>>>> --- a/host/rootfs/image/etc/passwd
>>>>> +++ /dev/null
>>>>> @@ -1 +0,0 @@
>>>>> -root:x:0:0:System administrator:/:/bin/sh
>>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>>> new file mode 120000
>>>>> index 0000000..889bb76
>>>>> --- /dev/null
>>>>> +++ b/host/rootfs/image/etc/passwd
>>>>> @@ -0,0 +1 @@
>>>>> +/run/etc/passwd
>>>>
>>>> ../run/etc/passwd?
>>>>
>>>>> \ No newline at end of file
>>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>>> similarity index 100%
>>>>> copy from host/rootfs/image/etc/group
>>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>>> similarity index 100%
>>>>> rename from host/rootfs/image/etc/group.license
>>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>>> similarity index 100%
>>>>> copy from host/rootfs/image/etc/passwd
>>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>>> similarity index 100%
>>>>> rename from host/rootfs/image/etc/passwd.license
>>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>>>
>>>>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>>>>
>>>>
>>>> -- 
>>>> Sincerely,
>>>> Demi Marie Obenour (she/her/hers)
>>
>> Assuming I understood the diff correctly, and with relative symlinks:
>>
>> Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>
> 
> Wait, actually, why do we want relative symlinks?  Previously I've used
> them so you can follow the symlinks in the development tree, but that
> doesn't work here anyway because there's obviously no run in the tree.

Some tooling refuses to handle absolute symlinks as a security measure.
Not being able to copy a Spectrum development tree using Qubes OS's
qvm-copy would be less than great :).  Furthermore, I'd rather be
pointed to a nonexistent location in the development tree than to
a nonexistent location in the real /run (which, on some systems,
might even exist).
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]