From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 26B1F4DFB;
	Fri, 12 Dec 2025 21:49:47 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 792404DD8; Fri, 12 Dec 2025 21:49:44 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
Received: from fhigh-a1-smtp.messagingengine.com
 (fhigh-a1-smtp.messagingengine.com [103.168.172.152])
	by atuin.qyliss.net (Postfix) with ESMTPS id 24BB24DD4
	for <devel@spectrum-os.org>; Fri, 12 Dec 2025 21:49:42 +0000 (UTC)
Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44])
	by mailfhigh.phl.internal (Postfix) with ESMTP id 352F11400171
	for <devel@spectrum-os.org>; Fri, 12 Dec 2025 16:49:39 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-04.internal (MEProxy); Fri, 12 Dec 2025 16:49:39 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:content-transfer-encoding:content-type:date:date:from:from
	:in-reply-to:message-id:mime-version:reply-to:subject:subject:to
	:to; s=fm3; t=1765576179; x=1765662579; bh=83zgyqpOwidh8qDTUkArv
	IbDsizBLCw7QVKZG+V2maQ=; b=begdnzChW8ytiGDYLy1L4mi+65yr5EqQSFw1U
	+1G+wMtc0dOuqqo4r2zX1Gx/7q/VVkokFt3uQnhnUzGsUw+L4ZZXz+DWH7EZrRXQ
	12UADOvvY4D5q7OwM1g0arVNqQw1MWYqKGlR5Mr7rNjPfdP1cvu66P4aP0ZiN9qI
	BCsjpOL5Ek5rOh5ME+GnsmEWQ+Gl3cg3UPwIVwefav0a1Fl9oiI2hWLt9vu/ddBm
	iIFEt6szxrgugQMsCu13Jnrxmk0e/mA4WZZEzBIxWM7AYhi7nUYppWm/+qart6JF
	vgDv9O8hs3M5137AOFJnNoad1f4wSropJ+5XCiLfF8QXGdfXA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:date:feedback-id:feedback-id:from:from:in-reply-to
	:message-id:mime-version:reply-to:subject:subject:to:to
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1765576179; x=1765662579; bh=83zgyqpOwidh8qDTUkArvIbDsizBLCw7QVK
	ZG+V2maQ=; b=b6DQkDvjhJr0CMJVV92Ocsb4zhF/X6RtTm4IvIPPx6TqzYcx1yg
	dH3vipV43dVMTLP1Ka5lsCuAUOzpQsa7Ld+B8btrusUO+tDj9XE0QdTJStKccMIW
	5xlpr4LITYO/z/FsclKsDnlKInTqD1PoX+36RTRNQ1JS5lTCZAbvpX3xv8+deweY
	6oypSE5gE3uRpuVSEQIBlOgUF597frzC3WyLDQ/Xre0jnC5N/xbU8mN5KfzsGdzl
	QVSC6IXkf0aHwnP/WTc1YFRr4qFT3JiYBxSL1zlwrQ1Q6KIS3B1YWwPbsNZob0Te
	N/d+ZoPaEBMk+DOPSs0mZXyUq60hd7pHcOg==
X-ME-Sender: <xms:8o08aQhzCq3hIrVHbzhiXcIeIQOFfNtxI2Dpzrj6MQMIfoguloKbdA>
    <xme:8o08ae67yX4E88SSRLuNTfiaFYZe_YkkKIxMWXHvDQyHTNpKgii4iiKmq8It5wIid
    aja5N5ZeJ28dadPpmSySb6JDmAeMigDXLceXqrqqiJfCMAaRdbqrw>
X-ME-Received: 
 <xmr:8o08aTKl1eYMLNJm_aglTckzqgvsmy2G96UbtHgo2LdpODx8CO7KXJ54kQjelMykZg>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvleeftdcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecunecujfgurhephffvufffkffoggfgsedtkeertdertddtne
    cuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucgg
    tffrrghtthgvrhhnpeehvdffgffhteeijefgteeftdfghfdvheeuhedvjedugfeggfelje
    fgleefvefgfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr
    ohhmpehhihesrghlhihsshgrrdhishdpnhgspghrtghpthhtohepuddpmhhouggvpehsmh
    htphhouhhtpdhrtghpthhtohepuggvvhgvlhesshhpvggtthhruhhmqdhoshdrohhrgh
X-ME-Proxy: <xmx:8o08aeFWGojGFahM3X5tyjXvOmebZVMsup4GpWS0x_J4Wt2AEcGgtA>
    <xmx:8o08aRWP007TWLpUwOtKjYzgeuv8yjhEkFiiCXF-WlOw3dcK6R0dcg>
    <xmx:8o08aRhLciiMsG8Lmghl5klaQIjXeDfHobZ0GlM5Gof-bcI2lDwMjw>
    <xmx:8o08aaR-ZpMPDlr8YzsbvJoFjL0pHMOstU3vrVuMpCgYJmsOOfCiHA>
    <xmx:8408acyTNNPrYhucRGh5t2A0fnORHp4uBiib8y04AUQDWluUHXEZlNbX>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <devel@spectrum-os.org>; Fri, 12 Dec 2025 16:49:38 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id AAB1177E3A17; Fri, 12 Dec 2025 22:49:21 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: devel@spectrum-os.org
Subject: [PATCH] host/rootfs: add mount-userdata command
Date: Fri, 12 Dec 2025 22:48:59 +0100
Message-ID: <20251212214859.389183-1-hi@alyssa.is>
X-Mailer: git-send-email 2.51.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: CV5G3VBWT2AJXWZTLU372QWZDEFQPHP7
X-Message-ID-Hash: CV5G3VBWT2AJXWZTLU372QWZDEFQPHP7
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/CV5G3VBWT2AJXWZTLU372QWZDEFQPHP7/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

We shouldn't leave it to the user to manually mount user data
partitions.  We want to ensure restrictive mount flags are set, and be
able to do other operations around the mounting.  It's also nice to
have a single place where all user data partitions can be mounted.
I've taken inspiration from the FHS in using /media for this.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 .../development/persistent-storage.adoc       | 19 ++++++++++-----
 .../using-spectrum/creating-custom-vms.adoc   |  5 ++--
 .../using-spectrum/vm-file-access.adoc        |  4 ++--
 host/rootfs/Makefile                          |  2 +-
 host/rootfs/file-list.mk                      |  1 +
 host/rootfs/image/etc/fstab                   | 11 +++++----
 host/rootfs/image/usr/bin/mount-userdata      | 24 +++++++++++++++++++
 7 files changed, 50 insertions(+), 16 deletions(-)
 create mode 100755 host/rootfs/image/usr/bin/mount-userdata

diff --git a/Documentation/development/persistent-storage.adoc b/Documentation/development/persistent-storage.adoc
index 12426b46..c4bcc163 100644
--- a/Documentation/development/persistent-storage.adoc
+++ b/Documentation/development/persistent-storage.adoc
@@ -2,7 +2,7 @@
 :page-parent: Development
 :page-nav_order: 2
 
-// SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
+// SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
 // SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-4.0
 
 Spectrum's root filesystem is immutable, so if you want to be able to
@@ -10,8 +10,15 @@ persist data between sessions, you'll need to create a persistent
 storage partition.  Spectrum comes with `cryptsetup`, and in future is
 likely to assume that btrfs-specific features are available.
 
-Conventionally, the persistent storage partition is mounted on /ext
-after booting.  It's not mounted automatically, because generally the
-partition should be encrypted, meaning a key has to be supplied to
-mount it anyway, and because there might be multiple persistent data
-partitions to choose from.
+Persistent storage can be mounted as follows:
+
+[source,shell]
+----
+cryptsetup open /dev/sda1 userdata
+mount-userdata /dev/mapper/userdata
+----
+
+It's not mounted automatically, because generally the partition should
+be encrypted, meaning a key has to be supplied to mount it anyway, and
+because there might be multiple persistent data partitions to choose
+from.
diff --git a/Documentation/using-spectrum/creating-custom-vms.adoc b/Documentation/using-spectrum/creating-custom-vms.adoc
index a397ac50..1eca7f36 100644
--- a/Documentation/using-spectrum/creating-custom-vms.adoc
+++ b/Documentation/using-spectrum/creating-custom-vms.adoc
@@ -13,8 +13,9 @@ configurations are directories under a dedicated parent directory, and
 the name of each configuration directory determines the name of
 the VM.  After mounting the persistent storage partition, the
 configured VMs can be made available by running `vm-import user
-/ext/vms`, replacing /ext/vms with the directory containing the VM
-definitions.
+/media/4e43cdc2-82b2-4d94-8a90-b6c6189312d2/vms`, replacing
+/media/4e43cdc2-82b2-4d94-8a90-b6c6189312d2/vms with the directory
+containing the VM definitions.
 
 The directory can contain the following files:
 
diff --git a/Documentation/using-spectrum/vm-file-access.adoc b/Documentation/using-spectrum/vm-file-access.adoc
index 1b4fe9a5..a079cfe8 100644
--- a/Documentation/using-spectrum/vm-file-access.adoc
+++ b/Documentation/using-spectrum/vm-file-access.adoc
@@ -48,7 +48,7 @@ can be bind-mounted into it:
 +
 [listing]
 [source,shell]
-echo "Hello, world!" > /ext/example.txt
+echo "Hello, world!" > /media/4e43cdc2-82b2-4d94-8a90-b6c6189312d2/example.txt
 
 2. Create an empty file to bind mount over:
 +
@@ -60,5 +60,5 @@ touch /run/vm/by-name/user.appvm-example/fs/example.txt
 +
 [listing]
 [source,shell]
-mount --rbind /ext/example.txt /run/vm/by-name/user.appvm-example/fs/example.txt
+mount --rbind /media/4e43cdc2-82b2-4d94-8a90-b6c6189312d2/example.txt /run/vm/by-name/user.appvm-example/fs/example.txt
 ====
diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 7bec1259..211fb5dd 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -33,8 +33,8 @@ DIRS = \
 	etc/s6-linux-init/run-image/user \
 	etc/s6-linux-init/run-image/vm/by-id \
 	etc/s6-linux-init/run-image/vm/by-name \
-	ext \
 	home \
+	media \
 	proc \
 	run \
 	sys \
diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
index f69775d2..6bf40ff8 100644
--- a/host/rootfs/file-list.mk
+++ b/host/rootfs/file-list.mk
@@ -56,6 +56,7 @@ FILES = \
 	image/etc/xdg/weston/weston.ini \
 	image/usr/bin/assign-devices \
 	image/usr/bin/create-vm-dependencies \
+	image/usr/bin/mount-userdata \
 	image/usr/bin/root-terminal \
 	image/usr/bin/run-appimage \
 	image/usr/bin/run-flatpak \
diff --git a/host/rootfs/image/etc/fstab b/host/rootfs/image/etc/fstab
index 5c23a374..18bb5e45 100644
--- a/host/rootfs/image/etc/fstab
+++ b/host/rootfs/image/etc/fstab
@@ -1,7 +1,8 @@
 # SPDX-License-Identifier: CC0-1.0
 # SPDX-FileCopyrightText: 2020-2021, 2025 Alyssa Ross <hi@alyssa.is>
-proc	/proc		proc	nosuid,nodev,noexec		0	0
-devpts	/dev/pts	devpts	nosuid,noexec,gid=5,mode=620	0	0
-tmpfs	/dev/shm	tmpfs	nosuid,nodev			0	0
-sysfs	/sys		sysfs	nosuid,nodev,noexec		0	0
-tmpfs	/tmp		tmpfs	nosuid,nodev			0	0
+proc	/proc		proc	nosuid,nodev,noexec				0	0
+devpts	/dev/pts	devpts	nosuid,noexec,gid=5,mode=620			0	0
+tmpfs	/dev/shm	tmpfs	nosuid,nodev					0	0
+tmpfs	/media		tmpfs	nosuid,nodev,noexec,nosymfollow,mode=755	0	0
+sysfs	/sys		sysfs	nosuid,nodev,noexec				0	0
+tmpfs	/tmp		tmpfs	nosuid,nodev					0	0
diff --git a/host/rootfs/image/usr/bin/mount-userdata b/host/rootfs/image/usr/bin/mount-userdata
new file mode 100755
index 00000000..e4a873c0
--- /dev/null
+++ b/host/rootfs/image/usr/bin/mount-userdata
@@ -0,0 +1,24 @@
+#!/bin/execlineb -W
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+
+backtick -D "" uuid {
+  importas -Siu 1
+  blkid -o value -s UUID $1
+}
+
+multisubstitute {
+  importas -Siu 0
+  importas -Siu 1
+  importas -Siu uuid
+}
+
+case $uuid {
+  "" {
+    fdmove -c 1 2
+    printf "%s: '%s' does not have a UUID\n" $0 $1
+  }
+}
+
+if { mount -m -o nosuid,nodev,noexec,nosymfollow -- $1 /media/${uuid} }
+printf "%s\n" /media/${uuid}

base-commit: 1afc3a7042ee1c40b6d2e564219be31ea8f1017f
-- 
2.51.0