From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 3A4181DACB;
	Wed, 10 Dec 2025 12:48:42 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 87FEF1D97E; Wed, 10 Dec 2025 12:48:29 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-a6-smtp.messagingengine.com
 (fhigh-a6-smtp.messagingengine.com [103.168.172.157])
	by atuin.qyliss.net (Postfix) with ESMTPS id 9991F1D954
	for <devel@spectrum-os.org>; Wed, 10 Dec 2025 12:48:24 +0000 (UTC)
Received: from phl-compute-06.internal (phl-compute-06.internal [10.202.2.46])
	by mailfhigh.phl.internal (Postfix) with ESMTP id D7A9A14001DD
	for <devel@spectrum-os.org>; Wed, 10 Dec 2025 07:48:21 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-06.internal (MEProxy); Wed, 10 Dec 2025 07:48:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:content-transfer-encoding:content-type:date:date:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to; s=fm3; t=1765370901; x=
	1765457301; bh=2Ru4Lz43d3tYoLX4yRIsHbEE3PhvGMruxsv2Uy1o718=; b=O
	gVRVYM9JpetOdoqJjW5ylpptuG6wEPkgMp/hOakIEMolOR59E+QdKqHQu8ydLJZW
	c6JyDhNUDHLvVtVUzah1THwHjVXeKvddyQT3HR89qHzmA59YyGbwSkt0suuZgcEq
	1nftDA06s2HiFYO9hPPXbaWqGPSvy/GV4bCEK4rJ/4p6AYf6efjVv4UqX4OZ9xB1
	1Andv2owYUlKh3yGtquzIfutPBf+ElDe/ti8dAInPmZD4g7P/OYmlEPAXO0VPtdv
	PWaFsEwqTspy1YxgGhECQhHgaOdDmbgCiclBM1jnecAZw1nokeVFz+IM1qdYYIvI
	Gzg0YZoTM9IQVtZ21xuig==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:date:feedback-id:feedback-id:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm1; t=1765370901; x=1765457301; bh=2Ru4Lz43d3tYoLX4yRIsHbEE3Phv
	GMruxsv2Uy1o718=; b=T4d418kTSTaGzv7j97cET4Eu1W5XeUN+3lBWU1GdtsdJ
	1oYjajZYGyWjLtQylUcRo0mbL7TcXCIJr8dtRIIMUJliPssCQqVNVJFCQuVZbM1f
	CbpmIuiLCZyKC5X4nGUcSdVSHc5ml5dVFNmI/p6HqbTQdDXYFQmOwSQT8JK0WAlA
	N45HkQTRo0Jb0XUGXdfweqDFizEnP1IUt9Bd8/8/d0at6pIsrxA0vcB0h2Ef83YL
	H8osxOEgDVveIxBk6H2WCm2lo0/yog/EOjwyjPr/ClP+5B2S57D6hj/MVCddcTML
	cwhIMCyiGPttQVJp7+VCEkvxi75FksQeNrR3GMj9EA==
X-ME-Sender: <xms:FWw5adi4koX2170tEzNj0vPOM4IMEHQKglOaH_w20C9yD13E3tsUDw>
    <xme:FWw5aX5VSNttauUEkyG7LNL-qiC322ObrPdAON_iOOaUVIflvmP6zgldQhEmvWoUK
    xoqn_fYuT7U4QR4gu62UEl1cLx6ode69OPO7CwnsIJXcKJw1VWyad4>
X-ME-Received: 
 <xmr:FWw5aYJndHfQEHkuRbrpE4Oy7UmGV0mcZttMypCDM3n4BDzVKAEQsYJQJdCCSUumQw>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvvdegjecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecunecujfgurhephffvufffkffojghfggfgsedtkeertdertd
    dtnecuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdrihhsqeen
    ucggtffrrghtthgvrhhnpefgfedukedvleeileeludefveehgeelgfegvddujedvtdffue
    euveffheeljeekvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhl
    fhhrohhmpehhihesrghlhihsshgrrdhishdpnhgspghrtghpthhtohepuddpmhhouggvpe
    hsmhhtphhouhhtpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdhoshdrohhr
    gh
X-ME-Proxy: <xmx:FWw5afHyBkBSEDK6fviNpKT3-4tjTHWrpKibYvjK_7RGr0ZHqO-_Ng>
    <xmx:FWw5aeVhiPFuDoavoCqa4ee-3CLaBtz58cLK-5-pFT5gOFgivXYqnw>
    <xmx:FWw5aajtlpzQasHR_yq1KNNkZKjVLOUQPraIS7UGRLXsBNnFVKig8g>
    <xmx:FWw5afQVza3WspqSzG52TR3carNKFrZJ9urQbOOXiRYUaGvJqRMP7A>
    <xmx:FWw5aVyxzOEN_PkmJGwqLlFuLyvzQtc0MpH1xRKETl-QtA543qE1dvyL>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <devel@spectrum-os.org>; Wed, 10 Dec 2025 07:48:21 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id 728186C8FD4F; Wed, 10 Dec 2025 13:48:05 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Subject: [PATCH 5/8] host/rootfs: create a per-VM user namespace
Date: Wed, 10 Dec 2025 13:47:54 +0100
Message-ID: <20251210124757.1080443-5-hi@alyssa.is>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251210124757.1080443-1-hi@alyssa.is>
References: <20251210124757.1080443-1-hi@alyssa.is>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: RBYMEG3I7MD2D5B4JCWEWIK5BBKWDMZE
X-Message-ID-Hash: RBYMEG3I7MD2D5B4JCWEWIK5BBKWDMZE
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/RBYMEG3I7MD2D5B4JCWEWIK5BBKWDMZE/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

The document portal has to be root to mount its fuse filesystem.  This
needs to be a shared namespace because virtiofsd needs to be in the
same mount namespace as the document portal so that it sees the fuse
filesystem, so we create a per-VM persistent user namespace.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/usr/bin/create-vm-dependencies | 9 +++++++--
 host/rootfs/image/usr/bin/run-appimage           | 2 ++
 host/rootfs/image/usr/bin/run-flatpak            | 2 ++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/host/rootfs/image/usr/bin/create-vm-dependencies b/host/rootfs/image/usr/bin/create-vm-dependencies
index d4a10ab4..7ce19ed2 100755
--- a/host/rootfs/image/usr/bin/create-vm-dependencies
+++ b/host/rootfs/image/usr/bin/create-vm-dependencies
@@ -2,8 +2,9 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
 
-if { touch /run/vm/by-id/${1}/mount }
+if { touch /run/vm/by-id/${1}/mount /run/vm/by-id/${1}/user }
 if { mount --make-private --bind /run/vm/by-id/${1}/mount /run/vm/by-id/${1}/mount }
+if { mount --make-private --bind /run/vm/by-id/${1}/user /run/vm/by-id/${1}/user }
 
 if {
   mkdir -p
@@ -13,7 +14,11 @@ if {
 }
 
 if {
-  unshare --propagation=slave --mount=/run/vm/by-id/${1}/mount
+  unshare --propagation=slave
+    --map-users all
+    --map-groups all
+    --mount=/run/vm/by-id/${1}/mount
+    --user=/run/vm/by-id/${1}/user
 
   if { mount --make-shared --rbind /run/vm/by-id/${1} /run/vm/by-id/${1} }
 
diff --git a/host/rootfs/image/usr/bin/run-appimage b/host/rootfs/image/usr/bin/run-appimage
index 47cab4c5..5e8e29fa 100755
--- a/host/rootfs/image/usr/bin/run-appimage
+++ b/host/rootfs/image/usr/bin/run-appimage
@@ -44,4 +44,6 @@ if { s6-instance-delete /run/service/vm-services $id }
 
 if { umount ${dir}/mount } # mount namespace
 if { umount ${dir}/mount } # private bind mount
+if { umount ${dir}/user } # user namespace
+if { umount ${dir}/user } # private bind mount
 rm -r $dir /run/configs/${id}
diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak
index bb366735..86ccc12a 100755
--- a/host/rootfs/image/usr/bin/run-flatpak
+++ b/host/rootfs/image/usr/bin/run-flatpak
@@ -46,4 +46,6 @@ if { s6-instance-delete -- /run/service/vm-services $id }
 
 if { umount ${dir}/mount } # mount namespace
 if { umount ${dir}/mount } # private bind mount
+if { umount ${dir}/user } # user namespace
+if { umount ${dir}/user } # private bind mount
 rm -r $dir /run/configs/${id}
-- 
2.51.0