From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 8D79318930;
	Tue, 09 Dec 2025 18:25:01 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id E11AF18921; Tue, 09 Dec 2025 18:24:58 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
Received: from fout-a3-smtp.messagingengine.com
 (fout-a3-smtp.messagingengine.com [103.168.172.146])
	by atuin.qyliss.net (Postfix) with ESMTPS id A1EDD1891D
	for <devel@spectrum-os.org>; Tue, 09 Dec 2025 18:24:56 +0000 (UTC)
Received: from phl-compute-05.internal (phl-compute-05.internal [10.202.2.45])
	by mailfout.phl.internal (Postfix) with ESMTP id 17314EC04D7
	for <devel@spectrum-os.org>; Tue,  9 Dec 2025 13:24:54 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-05.internal (MEProxy); Tue, 09 Dec 2025 13:24:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:content-transfer-encoding:content-type:date:date:from:from
	:in-reply-to:message-id:mime-version:reply-to:subject:subject:to
	:to; s=fm3; t=1765304694; x=1765391094; bh=NJkk+SH5OhD1whAi6frp2
	mwOBiGerStIab+gmj6SuNU=; b=lG8nkupYBA1r5f4LOJbqNaTx/YY1MVGIgbEo0
	Wt0SFVkEk8ravz6LL4PNUU5gyUl29BGFaIEak++JxAfwyoYsj1jX//viJH8iiEkb
	wIzfGj8BCyUJBjELB+DNuYIh2G5JcwhUg4YvFsg3i4MHQzhhbGjnYPkpWhMJvXfS
	r0ULooiff0P38OhBsaKcBR9y4S46LXE6wn/u8KHk403e3ZVxRroayhU+N0RWao2h
	6T90gLGV2cgJatBssTzjb3508EdfTGgrKrjaGPYTYvrqK8quhb5lb4qBFKegnixG
	1YmlDHbHc+QEdQsJ4w9BQzmR5ymej3mY65UnlJoVPJ4zRDMLg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:date:feedback-id:feedback-id:from:from:in-reply-to
	:message-id:mime-version:reply-to:subject:subject:to:to
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1765304694; x=1765391094; bh=NJkk+SH5OhD1whAi6frp2mwOBiGerStIab+
	gmj6SuNU=; b=CRsTTj0NvQd7k5wJbfrkNAtcCXHwTmbStNZOOxAt26rLr04S85S
	s8/6u6hZmIav53HF4LX7z5N9XfnggKwYPHl2M5AmKIfbDEx9ueVJsWVZ0eL+4vIY
	fWI8prTs6nCgcyvpKap4GwGS22QUgQkItOouzFnjtixQhwzLNklPM3jx/VYDjrX1
	WYlHwHIXfqsi+JyYAVb1Hkhm+iL9gU/Aw52apW0pHM5atQXiBTvzY86vz65E25rF
	R1u2AO0bjrr1UARITH50zU54OCVflG+2BJf4et01i06VYPeDtpnibxyEsw3yKivj
	CzUyvTAII8CZcD/h7nt/yROLZg7qTcIV8QA==
X-ME-Sender: <xms:dWk4aZ7Ih6MhNSOrIiRxc62yIzGxD8tnfuNZ6OJIgTAGVB5dN3uN2A>
    <xme:dWk4aczwUwdIVSrjPHNJ27nsLG8pJiYgj-3YUaVNP1iB_Ao6D2EhN138MnxJr8thd
    xVMBbDWO3PuHRRavpookjZhrofOHNGqPuECBtfip9IcIkHK4juVmg>
X-ME-Received: 
 <xmr:dWk4abib1XW-DDABhXXUnh21ZA6W2A7lmyP37wMggWs67Z80eJ422hjhX6dqK3nSeQ>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvtddvjecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecunecujfgurhephffvufffkffoggfgsedtkeertdertddtne
    cuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucgg
    tffrrghtthgvrhhnpeehvdffgffhteeijefgteeftdfghfdvheeuhedvjedugfeggfelje
    fgleefvefgfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr
    ohhmpehhihesrghlhihsshgrrdhishdpnhgspghrtghpthhtohepuddpmhhouggvpehsmh
    htphhouhhtpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdhoshdrohhrgh
X-ME-Proxy: <xmx:dWk4ae-xGtoLyotOFIA1ysIw7Q6SpeDh0bxnAgWemUkk0xgEG0qjtw>
    <xmx:dWk4aQvosJ8bBOfXLoldFwtPNHs-MjKr4KKDt2t6sTt70M3kDXO5NA>
    <xmx:dWk4adYvZssfzqNy48Fo93lqB5zpGz_laAkkjVeacvzkjrKVUVmLRQ>
    <xmx:dWk4aYqX6beGuSAVVwZwJ3HnUjfBgGD7gGjTsYxVX96o3bkXEnAMhQ>
    <xmx:dmk4aSq8TcdqM7fpfjTr5BZsOhYO-GDs6t_j4qJn7uCG6j5AxCwppTTz>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <devel@spectrum-os.org>; Tue, 9 Dec 2025 13:24:53 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id 48719651B658; Tue, 09 Dec 2025 19:24:37 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Subject: [PATCH 1/2] host/rootfs: add root-terminal s6-sudod service
Date: Tue,  9 Dec 2025 19:24:01 +0100
Message-ID: <20251209182402.872822-1-hi@alyssa.is>
X-Mailer: git-send-email 2.51.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 3INFCFOVOGC7KSG2MAV7AB34KMNXCS3A
X-Message-ID-Hash: 3INFCFOVOGC7KSG2MAV7AB34KMNXCS3A
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/3INFCFOVOGC7KSG2MAV7AB34KMNXCS3A/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

This will be needed as an interim measure to allow Weston itself to be
run as non-root, without the user losing access to root entirely in
the graphical environment.  Currently, only root can access this
service, so it's redundant, but we can later make the socket
accessible to Weston's user.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/file-list.mk                          |  3 +++
 .../service/root-terminal/notification-fd         |  1 +
 .../service/root-terminal/notification-fd.license |  2 ++
 .../run-image/service/root-terminal/run           | 15 +++++++++++++++
 host/rootfs/image/etc/xdg/weston/weston.ini       |  4 ++--
 host/rootfs/image/usr/bin/root-terminal           |  5 +++++
 6 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd
 create mode 100644 host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd.license
 create mode 100755 host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/run
 create mode 100755 host/rootfs/image/usr/bin/root-terminal

diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
index 6ab78e6b..f69775d2 100644
--- a/host/rootfs/file-list.mk
+++ b/host/rootfs/file-list.mk
@@ -15,6 +15,8 @@ FILES = \
 	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
 	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
 	image/etc/s6-linux-init/run-image/service/getty-tty4/run \
+	image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd \
+	image/etc/s6-linux-init/run-image/service/root-terminal/run \
 	image/etc/s6-linux-init/run-image/service/s6-linux-init-shutdownd/notification-fd \
 	image/etc/s6-linux-init/run-image/service/s6-linux-init-shutdownd/run \
 	image/etc/s6-linux-init/run-image/service/s6-svscan-log/notification-fd \
@@ -54,6 +56,7 @@ FILES = \
 	image/etc/xdg/weston/weston.ini \
 	image/usr/bin/assign-devices \
 	image/usr/bin/create-vm-dependencies \
+	image/usr/bin/root-terminal \
 	image/usr/bin/run-appimage \
 	image/usr/bin/run-flatpak \
 	image/usr/bin/run-vmm \
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd b/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd
new file mode 100644
index 00000000..00750edc
--- /dev/null
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd
@@ -0,0 +1 @@
+3
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd.license b/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd.license
new file mode 100644
index 00000000..0d3d47ca
--- /dev/null
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/notification-fd.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/run
new file mode 100755
index 00000000..67ccfb45
--- /dev/null
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/root-terminal/run
@@ -0,0 +1,15 @@
+#!/bin/execlineb -PW
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+
+s6-ipcserver-socketbinder -a 0700 /run/root-terminal
+
+fdmove 1 3
+s6-ipcserverd -1P
+
+exec -c
+/bin/export PATH /usr/bin
+/bin/export WAYLAND_DISPLAY ""
+s6-sudod
+cd /
+weston-terminal
diff --git a/host/rootfs/image/etc/xdg/weston/weston.ini b/host/rootfs/image/etc/xdg/weston/weston.ini
index a1f630cf..a4763c6d 100644
--- a/host/rootfs/image/etc/xdg/weston/weston.ini
+++ b/host/rootfs/image/etc/xdg/weston/weston.ini
@@ -6,8 +6,8 @@ path=/etc/xdg/weston/autolaunch
 
 [launcher]
 icon=/usr/share/weston/icon_terminal.png
-displayname=Terminal
-path=/bin/weston-terminal
+displayname=Root Terminal
+path=/bin/root-terminal
 
 [launcher]
 icon=/usr/share/icons/hicolor/20x20/apps/com.system76.CosmicFiles.png
diff --git a/host/rootfs/image/usr/bin/root-terminal b/host/rootfs/image/usr/bin/root-terminal
new file mode 100755
index 00000000..4f2874d1
--- /dev/null
+++ b/host/rootfs/image/usr/bin/root-terminal
@@ -0,0 +1,5 @@
+#!/bin/execlineb -Ws0
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+
+s6-sudo -- /run/root-terminal $@
-- 
2.51.0