[PATCH 1/5] host/rootfs: make passwd and group links into /run

patches and low-level development discussion
 help / color / mirror / code / Atom feed

* [PATCH 1/5] host/rootfs: make passwd and group links into /run
@ 2025-12-09  8:56 Alyssa Ross
  2025-12-09  8:56 ` [PATCH 2/5] host/rootfs: install shadow Alyssa Ross
                   ` (5 more replies)
  0 siblings, 6 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09  8:56 UTC (permalink / raw)
  To: devel

This will allow us to give shadow's useradd /run as a prefix, and have
it be able to add users at runtime.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/file-list.mk                         |  6 ++++--
 host/rootfs/image/etc/group                      | 16 +---------------
 host/rootfs/image/etc/passwd                     |  2 +-
 .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
 .../run-image/etc}/group.license                 |  0
 .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
 .../run-image/etc}/passwd.license                |  0
 7 files changed, 6 insertions(+), 18 deletions(-)
 mode change 100644 => 120000 host/rootfs/image/etc/group
 mode change 100644 => 120000 host/rootfs/image/etc/passwd
 copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
 rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
 copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
 rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)

diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
index df22bce..6ab78e6 100644
--- a/host/rootfs/file-list.mk
+++ b/host/rootfs/file-list.mk
@@ -4,13 +4,13 @@
 FILES = \
 	image/etc/fonts/fonts.conf \
 	image/etc/fstab \
-	image/etc/group \
 	image/etc/init \
 	image/etc/login \
 	image/etc/parse-devname \
-	image/etc/passwd \
 	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
 	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
+	image/etc/s6-linux-init/run-image/etc/group \
+	image/etc/s6-linux-init/run-image/etc/passwd \
 	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
 	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
 	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
@@ -68,6 +68,8 @@ FILES = \
 
 LINKS = \
 	image/bin \
+	image/etc/group \
+	image/etc/passwd \
 	image/etc/s6-linux-init/run-image/opengl-driver \
 	image/etc/s6-linux-init/run-image/service/vmm/template/run \
 	image/lib \
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
deleted file mode 100644
index e3ade46..0000000
--- a/host/rootfs/image/etc/group
+++ /dev/null
@@ -1,15 +0,0 @@
-root:x:0:root
-clock:x:1:
-dialout:x:2:
-kmem:x:3:
-input:x:4:
-tty:x:5:
-video:x:6:
-render:x:7:
-sgx:x:8:
-audio:x:9:
-lp:x:10:
-disk:x:11:
-cdrom:x:12:
-tape:x:13:
-kvm:x:14:
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
new file mode 120000
index 0000000..a9b248e
--- /dev/null
+++ b/host/rootfs/image/etc/group
@@ -0,0 +1 @@
+/run/etc/group
\ No newline at end of file
diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
deleted file mode 100644
index 29f3b25..0000000
--- a/host/rootfs/image/etc/passwd
+++ /dev/null
@@ -1 +0,0 @@
-root:x:0:0:System administrator:/:/bin/sh
diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
new file mode 120000
index 0000000..889bb76
--- /dev/null
+++ b/host/rootfs/image/etc/passwd
@@ -0,0 +1 @@
+/run/etc/passwd
\ No newline at end of file
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
similarity index 100%
copy from host/rootfs/image/etc/group
copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
similarity index 100%
rename from host/rootfs/image/etc/group.license
rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
similarity index 100%
copy from host/rootfs/image/etc/passwd
copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
similarity index 100%
rename from host/rootfs/image/etc/passwd.license
rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license

base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [PATCH 2/5] host/rootfs: install shadow
  2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
@ 2025-12-09  8:56 ` Alyssa Ross
  2025-12-09  8:56 ` [PATCH 3/5] host/rootfs: move Wayland out of XDG_RUNTIME_DIR Alyssa Ross
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09  8:56 UTC (permalink / raw)
  To: devel

Busybox's adduser is hardcoded to operate on /etc/passwd and create
/etc/passwd+ as a temporary file, which won't work for us with
read-only /.  Shadow's useradd supports specifying a prefix, so it
will be able to operate on /run/etc/passwd and create sibling
temporary files.  This will let us create new users at runtime.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/busybox-config |  3 +++
 host/rootfs/default.nix    | 11 ++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/host/rootfs/busybox-config b/host/rootfs/busybox-config
index f2fd5fc..1868773 100644
--- a/host/rootfs/busybox-config
+++ b/host/rootfs/busybox-config
@@ -11,6 +11,7 @@ CONFIG_CHATTR n
 CONFIG_CHCPU n
 CONFIG_CHMEM n
 CONFIG_CHOOM n
+CONFIG_CHPASSWD n
 CONFIG_CHRT n
 CONFIG_COLCRT n
 CONFIG_COLRM n
@@ -57,6 +58,7 @@ CONFIG_LDATTACH n
 CONFIG_LINUX32 n
 CONFIG_LINUX64 n
 CONFIG_LOGGER n
+CONFIG_LOGIN n
 CONFIG_LOOK n
 CONFIG_LOSETUP n
 CONFIG_LSATTR n
@@ -88,6 +90,7 @@ CONFIG_NAMEI n
 CONFIG_NOLOGIN n
 CONFIG_NSENTER n
 CONFIG_PARTX n
+CONFIG_PASSWD n
 CONFIG_PIPESZ n
 CONFIG_PIVOT_ROOT n
 CONFIG_POWEROFF n
diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
index abdd8b2..d86d8cc 100644
--- a/host/rootfs/default.nix
+++ b/host/rootfs/default.nix
@@ -13,7 +13,7 @@ pkgsMusl.callPackage (
 , btrfs-progs, bubblewrap, busybox, cloud-hypervisor, cosmic-files
 , crosvm, cryptsetup, dejavu_fonts, dbus, execline, foot, fuse3
 , iproute2, inotify-tools, jq, kmod, mdevd, mesa, mount-flatpak, s6
-, s6-linux-init, socat, systemd, util-linuxMinimal, virtiofsd
+, s6-linux-init, shadow, socat, systemd, util-linuxMinimal, virtiofsd
 , westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk
 , xdg-desktop-portal-spectrum-host
 }:
@@ -27,8 +27,8 @@ let
   packages = [
     btrfs-progs bubblewrap cloud-hypervisor cosmic-files crosvm cryptsetup dbus
     execline fuse3 inotify-tools iproute2 jq kmod mdevd mount-flatpak s6
-    s6-linux-init s6-rc socat spectrum-host-tools spectrum-router
-    util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host
+    s6-linux-init s6-rc shadow socat spectrum-host-tools spectrum-router
+    virtiofsd xdg-desktop-portal-spectrum-host
 
     (foot.override { allowPgo = false; })
 
@@ -36,6 +36,11 @@ let
       # Use a separate file as it is a bit too big.
       extraConfig = builtins.readFile ./busybox-config;
     })
+
+    (util-linuxMinimal.overrideAttrs ({ configureFlags ? [], ... }: {
+      # Conflicts with shadow.
+      configureFlags = configureFlags ++ [ "--disable-nologin" ];
+    }))
   ];
 
   nixosAllHardware = nixos ({ modulesPath, ... }: {
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [PATCH 3/5] host/rootfs: move Wayland out of XDG_RUNTIME_DIR
  2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
  2025-12-09  8:56 ` [PATCH 2/5] host/rootfs: install shadow Alyssa Ross
@ 2025-12-09  8:56 ` Alyssa Ross
  2025-12-09  8:56 ` [PATCH 4/5] host/rootfs: weston: add XDG_RUNTIME_DIR note Alyssa Ross
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09  8:56 UTC (permalink / raw)
  To: devel

XDG_RUNTIME_DIR doesn't play well with running the compositor as a
different user to clients.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY     | 2 +-
 .../vm-services/template/data/service/vhost-user-gpu/run    | 6 ++++--
 host/rootfs/image/etc/s6-rc/weston/run                      | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY b/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY
index 5ff1a40..bbd390c 100644
--- a/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY
+++ b/host/rootfs/image/etc/s6-linux-init/env/WAYLAND_DISPLAY
@@ -1 +1 @@
-wayland-1
+/run/wayland
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
index 73d6cae..6ee9959 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
@@ -5,12 +5,14 @@
 
 s6-ipcserver -1a 0700 -c 1 -b 1 env/crosvm.sock
 
+importas -Si WAYLAND_DISPLAY
+
 bwrap
   --unshare-all
   # --unshare-all only implies --unshare-user-try.
   # Make this more than a "try".
   --unshare-user
-  --bind /run/user/0/wayland-1 /run/user/0/wayland-1
+  --bind $WAYLAND_DISPLAY $WAYLAND_DISPLAY
   --ro-bind /usr /usr
   --ro-bind /lib /lib
   --tmpfs /tmp
@@ -35,5 +37,5 @@ bwrap
   --
 crosvm --no-syslog device gpu
   --fd 0
-  --wayland-sock /run/user/0/wayland-1
+  --wayland-sock $WAYLAND_DISPLAY
   --params "{\"context-types\":\"cross-domain\"}"
diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index 41e42e6..1647990 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
 
-unexport WAYLAND_DISPLAY
+importas -Siu WAYLAND_DISPLAY
 
 if { mkdir -p -m 0700 /run/user/0 }
 
@@ -18,4 +18,4 @@ importas -i home HOME
 cd $home
 if { udevadm wait /dev/dri/card0 }
 unshare --cgroup --ipc --net --uts
-weston
+weston -S $WAYLAND_DISPLAY
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [PATCH 4/5] host/rootfs: weston: add XDG_RUNTIME_DIR note
  2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
  2025-12-09  8:56 ` [PATCH 2/5] host/rootfs: install shadow Alyssa Ross
  2025-12-09  8:56 ` [PATCH 3/5] host/rootfs: move Wayland out of XDG_RUNTIME_DIR Alyssa Ross
@ 2025-12-09  8:56 ` Alyssa Ross
  2025-12-09  8:56 ` [PATCH 5/5] host/rootfs: add wayland group Alyssa Ross
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09  8:56 UTC (permalink / raw)
  To: devel

There's no need to set this any more except that Weston checks for its
validity overenthusiastically.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-rc/weston/run | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index 1647990..aa1e7b6 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -1,9 +1,11 @@
 #!/bin/execlineb -P
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021, 2025 Alyssa Ross <hi@alyssa.is>
 
 importas -Siu WAYLAND_DISPLAY
 
+# Workaround for
+# https://gitlab.freedesktop.org/wayland/weston/-/merge_requests/1911
 if { mkdir -p -m 0700 /run/user/0 }
 
 backtick USER { id -un }
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [PATCH 5/5] host/rootfs: add wayland group
  2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
                   ` (2 preceding siblings ...)
  2025-12-09  8:56 ` [PATCH 4/5] host/rootfs: weston: add XDG_RUNTIME_DIR note Alyssa Ross
@ 2025-12-09  8:56 ` Alyssa Ross
  2025-12-09 10:55   ` Demi Marie Obenour
  2025-12-09 10:42 ` [PATCH 6/6] host/rootfs: run crosvm device gpu as non-root Alyssa Ross
  2025-12-09 10:52 ` [PATCH 1/5] host/rootfs: make passwd and group links into /run Demi Marie Obenour
  5 siblings, 1 reply; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09  8:56 UTC (permalink / raw)
  To: devel

This will allow clients running as unprivileged users to connect to
the compositor.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
 host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
index e3ade46..fe72eb7 100644
--- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
@@ -13,3 +13,4 @@ disk:x:11:
 cdrom:x:12:
 tape:x:13:
 kvm:x:14:
+wayland:x:15:
diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
index aa1e7b6..7cb182f 100644
--- a/host/rootfs/image/etc/s6-rc/weston/run
+++ b/host/rootfs/image/etc/s6-rc/weston/run
@@ -20,4 +20,9 @@ importas -i home HOME
 cd $home
 if { udevadm wait /dev/dri/card0 }
 unshare --cgroup --ipc --net --uts
+
+s6-envuidgid root
+s6-envuidgid -g wayland
+s6-applyuidgid -Uz
+umask 002
 weston -S $WAYLAND_DISPLAY
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* Re: [PATCH 5/5] host/rootfs: add wayland group
  2025-12-09  8:56 ` [PATCH 5/5] host/rootfs: add wayland group Alyssa Ross
@ 2025-12-09 10:55   ` Demi Marie Obenour
  2025-12-09 10:59     ` Alyssa Ross
  0 siblings, 1 reply; 15+ messages in thread
From: Demi Marie Obenour @ 2025-12-09 10:55 UTC (permalink / raw)
  To: Alyssa Ross, devel


[-- Attachment #1.1.1: Type: text/plain, Size: 1370 bytes --]

On 12/9/25 03:56, Alyssa Ross wrote:
> This will allow clients running as unprivileged users to connect to
> the compositor.
> 
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>  2 files changed, 6 insertions(+)
> 
> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> index e3ade46..fe72eb7 100644
> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> @@ -13,3 +13,4 @@ disk:x:11:
>  cdrom:x:12:
>  tape:x:13:
>  kvm:x:14:
> +wayland:x:15:
> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
> index aa1e7b6..7cb182f 100644
> --- a/host/rootfs/image/etc/s6-rc/weston/run
> +++ b/host/rootfs/image/etc/s6-rc/weston/run
> @@ -20,4 +20,9 @@ importas -i home HOME
>  cd $home
>  if { udevadm wait /dev/dri/card0 }
>  unshare --cgroup --ipc --net --uts
> +
> +s6-envuidgid root
> +s6-envuidgid -g wayland
> +s6-applyuidgid -Uz
> +umask 002
>  weston -S $WAYLAND_DISPLAY

Can the socket be chmod'd after Weston starts?  Running with 002
umask is not great.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 5/5] host/rootfs: add wayland group
  2025-12-09 10:55   ` Demi Marie Obenour
@ 2025-12-09 10:59     ` Alyssa Ross
  2025-12-09 11:02       ` Demi Marie Obenour
  0 siblings, 1 reply; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09 10:59 UTC (permalink / raw)
  To: Demi Marie Obenour; +Cc: devel

[-- Attachment #1: Type: text/plain, Size: 1534 bytes --]

On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
> On 12/9/25 03:56, Alyssa Ross wrote:
> > This will allow clients running as unprivileged users to connect to
> > the compositor.
> >
> > Signed-off-by: Alyssa Ross <hi@alyssa.is>
> > ---
> >  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
> >  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
> >  2 files changed, 6 insertions(+)
> >
> > diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > index e3ade46..fe72eb7 100644
> > --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> > @@ -13,3 +13,4 @@ disk:x:11:
> >  cdrom:x:12:
> >  tape:x:13:
> >  kvm:x:14:
> > +wayland:x:15:
> > diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
> > index aa1e7b6..7cb182f 100644
> > --- a/host/rootfs/image/etc/s6-rc/weston/run
> > +++ b/host/rootfs/image/etc/s6-rc/weston/run
> > @@ -20,4 +20,9 @@ importas -i home HOME
> >  cd $home
> >  if { udevadm wait /dev/dri/card0 }
> >  unshare --cgroup --ipc --net --uts
> > +
> > +s6-envuidgid root
> > +s6-envuidgid -g wayland
> > +s6-applyuidgid -Uz
> > +umask 002
> >  weston -S $WAYLAND_DISPLAY
>
> Can the socket be chmod'd after Weston starts?  Running with 002
> umask is not great.

If we use sd-notify-adapter, then I think so, but it wouldn't be very
nice.

What's the problem with umask 002?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 5/5] host/rootfs: add wayland group
  2025-12-09 10:59     ` Alyssa Ross
@ 2025-12-09 11:02       ` Demi Marie Obenour
  2025-12-09 11:09         ` Alyssa Ross
  0 siblings, 1 reply; 15+ messages in thread
From: Demi Marie Obenour @ 2025-12-09 11:02 UTC (permalink / raw)
  To: Alyssa Ross; +Cc: devel


[-- Attachment #1.1.1: Type: text/plain, Size: 2018 bytes --]

On 12/9/25 05:59, Alyssa Ross wrote:
> On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
>> On 12/9/25 03:56, Alyssa Ross wrote:
>>> This will allow clients running as unprivileged users to connect to
>>> the compositor.
>>>
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> ---
>>>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>>>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>>>  2 files changed, 6 insertions(+)
>>>
>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> index e3ade46..fe72eb7 100644
>>> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> @@ -13,3 +13,4 @@ disk:x:11:
>>>  cdrom:x:12:
>>>  tape:x:13:
>>>  kvm:x:14:
>>> +wayland:x:15:
>>> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
>>> index aa1e7b6..7cb182f 100644
>>> --- a/host/rootfs/image/etc/s6-rc/weston/run
>>> +++ b/host/rootfs/image/etc/s6-rc/weston/run
>>> @@ -20,4 +20,9 @@ importas -i home HOME
>>>  cd $home
>>>  if { udevadm wait /dev/dri/card0 }
>>>  unshare --cgroup --ipc --net --uts
>>> +
>>> +s6-envuidgid root
>>> +s6-envuidgid -g wayland
>>> +s6-applyuidgid -Uz
>>> +umask 002
>>>  weston -S $WAYLAND_DISPLAY
>>
>> Can the socket be chmod'd after Weston starts?  Running with 002
>> umask is not great.
> 
> If we use sd-notify-adapter, then I think so, but it wouldn't be very
> nice.

Using sd-notify-adapter is probably a good idea anyway, so that nothing
tries to connect to the socket before it is there to connect to.

> What's the problem with umask 002?

It means that any files created by the service are group-writable and
world-readable, which is almost never what one wants.  It means that
the service can't even trust a file it itself created.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 5/5] host/rootfs: add wayland group
  2025-12-09 11:02       ` Demi Marie Obenour
@ 2025-12-09 11:09         ` Alyssa Ross
  0 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09 11:09 UTC (permalink / raw)
  To: Demi Marie Obenour; +Cc: devel

[-- Attachment #1: Type: text/plain, Size: 2270 bytes --]

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/9/25 05:59, Alyssa Ross wrote:
>> On Tue, Dec 09, 2025 at 05:55:22AM -0500, Demi Marie Obenour wrote:
>>> On 12/9/25 03:56, Alyssa Ross wrote:
>>>> This will allow clients running as unprivileged users to connect to
>>>> the compositor.
>>>>
>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>> ---
>>>>  host/rootfs/image/etc/s6-linux-init/run-image/etc/group | 1 +
>>>>  host/rootfs/image/etc/s6-rc/weston/run                  | 5 +++++
>>>>  2 files changed, 6 insertions(+)
>>>>
>>>> diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> index e3ade46..fe72eb7 100644
>>>> --- a/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> +++ b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> @@ -13,3 +13,4 @@ disk:x:11:
>>>>  cdrom:x:12:
>>>>  tape:x:13:
>>>>  kvm:x:14:
>>>> +wayland:x:15:
>>>> diff --git a/host/rootfs/image/etc/s6-rc/weston/run b/host/rootfs/image/etc/s6-rc/weston/run
>>>> index aa1e7b6..7cb182f 100644
>>>> --- a/host/rootfs/image/etc/s6-rc/weston/run
>>>> +++ b/host/rootfs/image/etc/s6-rc/weston/run
>>>> @@ -20,4 +20,9 @@ importas -i home HOME
>>>>  cd $home
>>>>  if { udevadm wait /dev/dri/card0 }
>>>>  unshare --cgroup --ipc --net --uts
>>>> +
>>>> +s6-envuidgid root
>>>> +s6-envuidgid -g wayland
>>>> +s6-applyuidgid -Uz
>>>> +umask 002
>>>>  weston -S $WAYLAND_DISPLAY
>>>
>>> Can the socket be chmod'd after Weston starts?  Running with 002
>>> umask is not great.
>> 
>> If we use sd-notify-adapter, then I think so, but it wouldn't be very
>> nice.
>
> Using sd-notify-adapter is probably a good idea anyway, so that nothing
> tries to connect to the socket before it is there to connect to.

Oh, right, we actually already have readiness notification via
/etc/xdg/weston/autolaunch.  It won't run as root soon, but we could
wait for that in the run script and do the chmod there.

>> What's the problem with umask 002?
>
> It means that any files created by the service are group-writable and
> world-readable, which is almost never what one wants.  It means that
> the service can't even trust a file it itself created.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 6/6] host/rootfs: run crosvm device gpu as non-root
  2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
                   ` (3 preceding siblings ...)
  2025-12-09  8:56 ` [PATCH 5/5] host/rootfs: add wayland group Alyssa Ross
@ 2025-12-09 10:42 ` Alyssa Ross
  2025-12-09 10:52 ` [PATCH 1/5] host/rootfs: make passwd and group links into /run Demi Marie Obenour
  5 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09 10:42 UTC (permalink / raw)
  To: devel

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 .../template/data/service/vhost-user-gpu/run          | 11 +++++++++--
 host/rootfs/image/usr/bin/run-appimage                |  1 +
 host/rootfs/image/usr/bin/run-flatpak                 |  1 +
 host/rootfs/image/usr/bin/vm-import                   |  1 +
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
index 6ee99599..1341691b 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run
@@ -3,9 +3,16 @@
 # SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
 # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
 
-s6-ipcserver -1a 0700 -c 1 -b 1 env/crosvm.sock
+s6-ipcserver-socketbinder -a 0700 -b 1 env/crosvm.sock
 
-importas -Si WAYLAND_DISPLAY
+multisubstitute {
+  importas -Siu VM
+  importas -Si WAYLAND_DISPLAY
+}
+
+s6-envuidgid gpu-${VM}
+s6-applyuidgid -UzG 15 # wayland
+s6-ipcserverd -1c 1
 
 bwrap
   --unshare-all
diff --git a/host/rootfs/image/usr/bin/run-appimage b/host/rootfs/image/usr/bin/run-appimage
index f2fe7bc2..36f57b85 100755
--- a/host/rootfs/image/usr/bin/run-appimage
+++ b/host/rootfs/image/usr/bin/run-appimage
@@ -4,6 +4,7 @@
 
 backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
 backtick -E id { basename -- $dir }
+if { useradd -P /run -Urd / -s /bin/nologin gpu-${id} }
 
 if { mkdir -p /run/configs/${id}/fs }
 
diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak
index d7914a7a..2ef20433 100755
--- a/host/rootfs/image/usr/bin/run-flatpak
+++ b/host/rootfs/image/usr/bin/run-flatpak
@@ -4,6 +4,7 @@
 
 backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
 backtick -E id { basename -- $dir }
+if { useradd -P /run -Urd / -s /bin/nologin gpu-${id} }
 
 if {
   elgetpositionals
diff --git a/host/rootfs/image/usr/bin/vm-import b/host/rootfs/image/usr/bin/vm-import
index c1d1bbc1..19a0df36 100755
--- a/host/rootfs/image/usr/bin/vm-import
+++ b/host/rootfs/image/usr/bin/vm-import
@@ -9,6 +9,7 @@ forx -po0 -E name { $names }
 
 backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
 backtick -E id { basename -- $dir }
+if { useradd -P /run -Urd / -s /bin/nologin gpu-${id} }
 
 if { ln -s -- ${dir} /run/vm/by-name/${1}.${name} }
 if { ln -s -- ${2}/${name} ${dir}/config }
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run
  2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
                   ` (4 preceding siblings ...)
  2025-12-09 10:42 ` [PATCH 6/6] host/rootfs: run crosvm device gpu as non-root Alyssa Ross
@ 2025-12-09 10:52 ` Demi Marie Obenour
  2025-12-09 10:57   ` Alyssa Ross
  5 siblings, 1 reply; 15+ messages in thread
From: Demi Marie Obenour @ 2025-12-09 10:52 UTC (permalink / raw)
  To: Alyssa Ross, devel


[-- Attachment #1.1.1: Type: text/plain, Size: 4633 bytes --]

On 12/9/25 03:56, Alyssa Ross wrote:
> This will allow us to give shadow's useradd /run as a prefix, and have
> it be able to add users at runtime.
> 
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
>  host/rootfs/file-list.mk                         |  6 ++++--
>  host/rootfs/image/etc/group                      | 16 +---------------
>  host/rootfs/image/etc/passwd                     |  2 +-
>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>  .../run-image/etc}/group.license                 |  0
>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>  .../run-image/etc}/passwd.license                |  0

Is git somehow generating wrong diffstats?

>  7 files changed, 6 insertions(+), 18 deletions(-)
>  mode change 100644 => 120000 host/rootfs/image/etc/group
>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
> 
> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
> index df22bce..6ab78e6 100644
> --- a/host/rootfs/file-list.mk
> +++ b/host/rootfs/file-list.mk
> @@ -4,13 +4,13 @@
>  FILES = \
>  	image/etc/fonts/fonts.conf \
>  	image/etc/fstab \
> -	image/etc/group \
>  	image/etc/init \
>  	image/etc/login \
>  	image/etc/parse-devname \
> -	image/etc/passwd \
>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
> +	image/etc/s6-linux-init/run-image/etc/group \
> +	image/etc/s6-linux-init/run-image/etc/passwd \
>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
> @@ -68,6 +68,8 @@ FILES = \
>  
>  LINKS = \
>  	image/bin \
> +	image/etc/group \
> +	image/etc/passwd \
>  	image/etc/s6-linux-init/run-image/opengl-driver \
>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>  	image/lib \
> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
> deleted file mode 100644
> index e3ade46..0000000
> --- a/host/rootfs/image/etc/group
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -root:x:0:root
> -clock:x:1:
> -dialout:x:2:
> -kmem:x:3:
> -input:x:4:
> -tty:x:5:
> -video:x:6:
> -render:x:7:
> -sgx:x:8:
> -audio:x:9:
> -lp:x:10:
> -disk:x:11:
> -cdrom:x:12:
> -tape:x:13:
> -kvm:x:14:

Why is this file deleted and not renamed?

> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
> new file mode 120000
> index 0000000..a9b248e
> --- /dev/null
> +++ b/host/rootfs/image/etc/group
> @@ -0,0 +1 @@
> +/run/etc/group

../run/etc/group?

> \ No newline at end of file
> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
> deleted file mode 100644
> index 29f3b25..0000000
> --- a/host/rootfs/image/etc/passwd
> +++ /dev/null
> @@ -1 +0,0 @@
> -root:x:0:0:System administrator:/:/bin/sh
> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
> new file mode 120000
> index 0000000..889bb76
> --- /dev/null
> +++ b/host/rootfs/image/etc/passwd
> @@ -0,0 +1 @@
> +/run/etc/passwd

../run/etc/passwd?

> \ No newline at end of file
> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> similarity index 100%
> copy from host/rootfs/image/etc/group
> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
> similarity index 100%
> rename from host/rootfs/image/etc/group.license
> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
> similarity index 100%
> copy from host/rootfs/image/etc/passwd
> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
> similarity index 100%
> rename from host/rootfs/image/etc/passwd.license
> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
> 
> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409


-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run
  2025-12-09 10:52 ` [PATCH 1/5] host/rootfs: make passwd and group links into /run Demi Marie Obenour
@ 2025-12-09 10:57   ` Alyssa Ross
  2025-12-09 11:03     ` Demi Marie Obenour
  0 siblings, 1 reply; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09 10:57 UTC (permalink / raw)
  To: Demi Marie Obenour, devel

[-- Attachment #1: Type: text/plain, Size: 5057 bytes --]

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/9/25 03:56, Alyssa Ross wrote:
>> This will allow us to give shadow's useradd /run as a prefix, and have
>> it be able to add users at runtime.
>> 
>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>> ---
>>  host/rootfs/file-list.mk                         |  6 ++++--
>>  host/rootfs/image/etc/group                      | 16 +---------------
>>  host/rootfs/image/etc/passwd                     |  2 +-
>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>  .../run-image/etc}/group.license                 |  0
>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>  .../run-image/etc}/passwd.license                |  0
>
> Is git somehow generating wrong diffstats?

It just generates extremely confusing output when you replace a file
with a symlink.

>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>> 
>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>> index df22bce..6ab78e6 100644
>> --- a/host/rootfs/file-list.mk
>> +++ b/host/rootfs/file-list.mk
>> @@ -4,13 +4,13 @@
>>  FILES = \
>>  	image/etc/fonts/fonts.conf \
>>  	image/etc/fstab \
>> -	image/etc/group \
>>  	image/etc/init \
>>  	image/etc/login \
>>  	image/etc/parse-devname \
>> -	image/etc/passwd \
>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>> +	image/etc/s6-linux-init/run-image/etc/group \
>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>> @@ -68,6 +68,8 @@ FILES = \
>>  
>>  LINKS = \
>>  	image/bin \
>> +	image/etc/group \
>> +	image/etc/passwd \
>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>  	image/lib \
>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>> deleted file mode 100644
>> index e3ade46..0000000
>> --- a/host/rootfs/image/etc/group
>> +++ /dev/null
>> @@ -1,15 +0,0 @@
>> -root:x:0:root
>> -clock:x:1:
>> -dialout:x:2:
>> -kmem:x:3:
>> -input:x:4:
>> -tty:x:5:
>> -video:x:6:
>> -render:x:7:
>> -sgx:x:8:
>> -audio:x:9:
>> -lp:x:10:
>> -disk:x:11:
>> -cdrom:x:12:
>> -tape:x:13:
>> -kvm:x:14:
>
> Why is this file deleted and not renamed?

git considers it a copy (see below) followed by a deletion and
replacement with symlink.  It is, effectively, renamed.

>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>> new file mode 120000
>> index 0000000..a9b248e
>> --- /dev/null
>> +++ b/host/rootfs/image/etc/group
>> @@ -0,0 +1 @@
>> +/run/etc/group
>
> ../run/etc/group?

Okay, makes sense.

>> \ No newline at end of file
>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>> deleted file mode 100644
>> index 29f3b25..0000000
>> --- a/host/rootfs/image/etc/passwd
>> +++ /dev/null
>> @@ -1 +0,0 @@
>> -root:x:0:0:System administrator:/:/bin/sh
>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>> new file mode 120000
>> index 0000000..889bb76
>> --- /dev/null
>> +++ b/host/rootfs/image/etc/passwd
>> @@ -0,0 +1 @@
>> +/run/etc/passwd
>
> ../run/etc/passwd?
>
>> \ No newline at end of file
>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>> similarity index 100%
>> copy from host/rootfs/image/etc/group
>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>> similarity index 100%
>> rename from host/rootfs/image/etc/group.license
>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>> similarity index 100%
>> copy from host/rootfs/image/etc/passwd
>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>> similarity index 100%
>> rename from host/rootfs/image/etc/passwd.license
>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>> 
>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>
>
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run
  2025-12-09 10:57   ` Alyssa Ross
@ 2025-12-09 11:03     ` Demi Marie Obenour
  2025-12-09 11:11       ` Alyssa Ross
  0 siblings, 1 reply; 15+ messages in thread
From: Demi Marie Obenour @ 2025-12-09 11:03 UTC (permalink / raw)
  To: Alyssa Ross, devel


[-- Attachment #1.1.1: Type: text/plain, Size: 5426 bytes --]

On 12/9/25 05:57, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
> 
>> On 12/9/25 03:56, Alyssa Ross wrote:
>>> This will allow us to give shadow's useradd /run as a prefix, and have
>>> it be able to add users at runtime.
>>>
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> ---
>>>  host/rootfs/file-list.mk                         |  6 ++++--
>>>  host/rootfs/image/etc/group                      | 16 +---------------
>>>  host/rootfs/image/etc/passwd                     |  2 +-
>>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>>  .../run-image/etc}/group.license                 |  0
>>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>>  .../run-image/etc}/passwd.license                |  0
>>
>> Is git somehow generating wrong diffstats?
> 
> It just generates extremely confusing output when you replace a file
> with a symlink.
> 
>>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>>>
>>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>>> index df22bce..6ab78e6 100644
>>> --- a/host/rootfs/file-list.mk
>>> +++ b/host/rootfs/file-list.mk
>>> @@ -4,13 +4,13 @@
>>>  FILES = \
>>>  	image/etc/fonts/fonts.conf \
>>>  	image/etc/fstab \
>>> -	image/etc/group \
>>>  	image/etc/init \
>>>  	image/etc/login \
>>>  	image/etc/parse-devname \
>>> -	image/etc/passwd \
>>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>>> +	image/etc/s6-linux-init/run-image/etc/group \
>>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>>> @@ -68,6 +68,8 @@ FILES = \
>>>  
>>>  LINKS = \
>>>  	image/bin \
>>> +	image/etc/group \
>>> +	image/etc/passwd \
>>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>>  	image/lib \
>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>> deleted file mode 100644
>>> index e3ade46..0000000
>>> --- a/host/rootfs/image/etc/group
>>> +++ /dev/null
>>> @@ -1,15 +0,0 @@
>>> -root:x:0:root
>>> -clock:x:1:
>>> -dialout:x:2:
>>> -kmem:x:3:
>>> -input:x:4:
>>> -tty:x:5:
>>> -video:x:6:
>>> -render:x:7:
>>> -sgx:x:8:
>>> -audio:x:9:
>>> -lp:x:10:
>>> -disk:x:11:
>>> -cdrom:x:12:
>>> -tape:x:13:
>>> -kvm:x:14:
>>
>> Why is this file deleted and not renamed?
> 
> git considers it a copy (see below) followed by a deletion and
> replacement with symlink.  It is, effectively, renamed.
> 
>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>> new file mode 120000
>>> index 0000000..a9b248e
>>> --- /dev/null
>>> +++ b/host/rootfs/image/etc/group
>>> @@ -0,0 +1 @@
>>> +/run/etc/group
>>
>> ../run/etc/group?
> 
> Okay, makes sense.
> 
>>> \ No newline at end of file
>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>> deleted file mode 100644
>>> index 29f3b25..0000000
>>> --- a/host/rootfs/image/etc/passwd
>>> +++ /dev/null
>>> @@ -1 +0,0 @@
>>> -root:x:0:0:System administrator:/:/bin/sh
>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>> new file mode 120000
>>> index 0000000..889bb76
>>> --- /dev/null
>>> +++ b/host/rootfs/image/etc/passwd
>>> @@ -0,0 +1 @@
>>> +/run/etc/passwd
>>
>> ../run/etc/passwd?
>>
>>> \ No newline at end of file
>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> similarity index 100%
>>> copy from host/rootfs/image/etc/group
>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>> similarity index 100%
>>> rename from host/rootfs/image/etc/group.license
>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>> similarity index 100%
>>> copy from host/rootfs/image/etc/passwd
>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>> similarity index 100%
>>> rename from host/rootfs/image/etc/passwd.license
>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>
>>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>>
>>
>> -- 
>> Sincerely,
>> Demi Marie Obenour (she/her/hers)

Assuming I understood the diff correctly, and with relative symlinks:

Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run
  2025-12-09 11:03     ` Demi Marie Obenour
@ 2025-12-09 11:11       ` Alyssa Ross
  2025-12-09 11:15         ` Demi Marie Obenour
  0 siblings, 1 reply; 15+ messages in thread
From: Alyssa Ross @ 2025-12-09 11:11 UTC (permalink / raw)
  To: Demi Marie Obenour, devel

[-- Attachment #1: Type: text/plain, Size: 5795 bytes --]

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/9/25 05:57, Alyssa Ross wrote:
>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>> 
>>> On 12/9/25 03:56, Alyssa Ross wrote:
>>>> This will allow us to give shadow's useradd /run as a prefix, and have
>>>> it be able to add users at runtime.
>>>>
>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>> ---
>>>>  host/rootfs/file-list.mk                         |  6 ++++--
>>>>  host/rootfs/image/etc/group                      | 16 +---------------
>>>>  host/rootfs/image/etc/passwd                     |  2 +-
>>>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>>>  .../run-image/etc}/group.license                 |  0
>>>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>>>  .../run-image/etc}/passwd.license                |  0
>>>
>>> Is git somehow generating wrong diffstats?
>> 
>> It just generates extremely confusing output when you replace a file
>> with a symlink.
>> 
>>>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>>>>
>>>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>>>> index df22bce..6ab78e6 100644
>>>> --- a/host/rootfs/file-list.mk
>>>> +++ b/host/rootfs/file-list.mk
>>>> @@ -4,13 +4,13 @@
>>>>  FILES = \
>>>>  	image/etc/fonts/fonts.conf \
>>>>  	image/etc/fstab \
>>>> -	image/etc/group \
>>>>  	image/etc/init \
>>>>  	image/etc/login \
>>>>  	image/etc/parse-devname \
>>>> -	image/etc/passwd \
>>>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>>>> +	image/etc/s6-linux-init/run-image/etc/group \
>>>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>>>> @@ -68,6 +68,8 @@ FILES = \
>>>>  
>>>>  LINKS = \
>>>>  	image/bin \
>>>> +	image/etc/group \
>>>> +	image/etc/passwd \
>>>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>>>  	image/lib \
>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>> deleted file mode 100644
>>>> index e3ade46..0000000
>>>> --- a/host/rootfs/image/etc/group
>>>> +++ /dev/null
>>>> @@ -1,15 +0,0 @@
>>>> -root:x:0:root
>>>> -clock:x:1:
>>>> -dialout:x:2:
>>>> -kmem:x:3:
>>>> -input:x:4:
>>>> -tty:x:5:
>>>> -video:x:6:
>>>> -render:x:7:
>>>> -sgx:x:8:
>>>> -audio:x:9:
>>>> -lp:x:10:
>>>> -disk:x:11:
>>>> -cdrom:x:12:
>>>> -tape:x:13:
>>>> -kvm:x:14:
>>>
>>> Why is this file deleted and not renamed?
>> 
>> git considers it a copy (see below) followed by a deletion and
>> replacement with symlink.  It is, effectively, renamed.
>> 
>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>> new file mode 120000
>>>> index 0000000..a9b248e
>>>> --- /dev/null
>>>> +++ b/host/rootfs/image/etc/group
>>>> @@ -0,0 +1 @@
>>>> +/run/etc/group
>>>
>>> ../run/etc/group?
>> 
>> Okay, makes sense.
>> 
>>>> \ No newline at end of file
>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>> deleted file mode 100644
>>>> index 29f3b25..0000000
>>>> --- a/host/rootfs/image/etc/passwd
>>>> +++ /dev/null
>>>> @@ -1 +0,0 @@
>>>> -root:x:0:0:System administrator:/:/bin/sh
>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>> new file mode 120000
>>>> index 0000000..889bb76
>>>> --- /dev/null
>>>> +++ b/host/rootfs/image/etc/passwd
>>>> @@ -0,0 +1 @@
>>>> +/run/etc/passwd
>>>
>>> ../run/etc/passwd?
>>>
>>>> \ No newline at end of file
>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> similarity index 100%
>>>> copy from host/rootfs/image/etc/group
>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>> similarity index 100%
>>>> rename from host/rootfs/image/etc/group.license
>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>> similarity index 100%
>>>> copy from host/rootfs/image/etc/passwd
>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>> similarity index 100%
>>>> rename from host/rootfs/image/etc/passwd.license
>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>>
>>>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>>>
>>>
>>> -- 
>>> Sincerely,
>>> Demi Marie Obenour (she/her/hers)
>
> Assuming I understood the diff correctly, and with relative symlinks:
>
> Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>

Wait, actually, why do we want relative symlinks?  Previously I've used
them so you can follow the symlinks in the development tree, but that
doesn't work here anyway because there's obviously no run in the tree.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/5] host/rootfs: make passwd and group links into /run
  2025-12-09 11:11       ` Alyssa Ross
@ 2025-12-09 11:15         ` Demi Marie Obenour
  0 siblings, 0 replies; 15+ messages in thread
From: Demi Marie Obenour @ 2025-12-09 11:15 UTC (permalink / raw)
  To: Alyssa Ross, devel


[-- Attachment #1.1.1: Type: text/plain, Size: 6396 bytes --]

On 12/9/25 06:11, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
> 
>> On 12/9/25 05:57, Alyssa Ross wrote:
>>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>>
>>>> On 12/9/25 03:56, Alyssa Ross wrote:
>>>>> This will allow us to give shadow's useradd /run as a prefix, and have
>>>>> it be able to add users at runtime.
>>>>>
>>>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>>>> ---
>>>>>  host/rootfs/file-list.mk                         |  6 ++++--
>>>>>  host/rootfs/image/etc/group                      | 16 +---------------
>>>>>  host/rootfs/image/etc/passwd                     |  2 +-
>>>>>  .../etc/{ => s6-linux-init/run-image/etc}/group  |  0
>>>>>  .../run-image/etc}/group.license                 |  0
>>>>>  .../etc/{ => s6-linux-init/run-image/etc}/passwd |  0
>>>>>  .../run-image/etc}/passwd.license                |  0
>>>>
>>>> Is git somehow generating wrong diffstats?
>>>
>>> It just generates extremely confusing output when you replace a file
>>> with a symlink.
>>>
>>>>>  7 files changed, 6 insertions(+), 18 deletions(-)
>>>>>  mode change 100644 => 120000 host/rootfs/image/etc/group
>>>>>  mode change 100644 => 120000 host/rootfs/image/etc/passwd
>>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group (100%)
>>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/group.license (100%)
>>>>>  copy host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd (100%)
>>>>>  rename host/rootfs/image/etc/{ => s6-linux-init/run-image/etc}/passwd.license (100%)
>>>>>
>>>>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>>>>> index df22bce..6ab78e6 100644
>>>>> --- a/host/rootfs/file-list.mk
>>>>> +++ b/host/rootfs/file-list.mk
>>>>> @@ -4,13 +4,13 @@
>>>>>  FILES = \
>>>>>  	image/etc/fonts/fonts.conf \
>>>>>  	image/etc/fstab \
>>>>> -	image/etc/group \
>>>>>  	image/etc/init \
>>>>>  	image/etc/login \
>>>>>  	image/etc/parse-devname \
>>>>> -	image/etc/passwd \
>>>>>  	image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
>>>>>  	image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
>>>>> +	image/etc/s6-linux-init/run-image/etc/group \
>>>>> +	image/etc/s6-linux-init/run-image/etc/passwd \
>>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty1/run \
>>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty2/run \
>>>>>  	image/etc/s6-linux-init/run-image/service/getty-tty3/run \
>>>>> @@ -68,6 +68,8 @@ FILES = \
>>>>>  
>>>>>  LINKS = \
>>>>>  	image/bin \
>>>>> +	image/etc/group \
>>>>> +	image/etc/passwd \
>>>>>  	image/etc/s6-linux-init/run-image/opengl-driver \
>>>>>  	image/etc/s6-linux-init/run-image/service/vmm/template/run \
>>>>>  	image/lib \
>>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>>> deleted file mode 100644
>>>>> index e3ade46..0000000
>>>>> --- a/host/rootfs/image/etc/group
>>>>> +++ /dev/null
>>>>> @@ -1,15 +0,0 @@
>>>>> -root:x:0:root
>>>>> -clock:x:1:
>>>>> -dialout:x:2:
>>>>> -kmem:x:3:
>>>>> -input:x:4:
>>>>> -tty:x:5:
>>>>> -video:x:6:
>>>>> -render:x:7:
>>>>> -sgx:x:8:
>>>>> -audio:x:9:
>>>>> -lp:x:10:
>>>>> -disk:x:11:
>>>>> -cdrom:x:12:
>>>>> -tape:x:13:
>>>>> -kvm:x:14:
>>>>
>>>> Why is this file deleted and not renamed?
>>>
>>> git considers it a copy (see below) followed by a deletion and
>>> replacement with symlink.  It is, effectively, renamed.
>>>
>>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group
>>>>> new file mode 120000
>>>>> index 0000000..a9b248e
>>>>> --- /dev/null
>>>>> +++ b/host/rootfs/image/etc/group
>>>>> @@ -0,0 +1 @@
>>>>> +/run/etc/group
>>>>
>>>> ../run/etc/group?
>>>
>>> Okay, makes sense.
>>>
>>>>> \ No newline at end of file
>>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>>> deleted file mode 100644
>>>>> index 29f3b25..0000000
>>>>> --- a/host/rootfs/image/etc/passwd
>>>>> +++ /dev/null
>>>>> @@ -1 +0,0 @@
>>>>> -root:x:0:0:System administrator:/:/bin/sh
>>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/passwd
>>>>> new file mode 120000
>>>>> index 0000000..889bb76
>>>>> --- /dev/null
>>>>> +++ b/host/rootfs/image/etc/passwd
>>>>> @@ -0,0 +1 @@
>>>>> +/run/etc/passwd
>>>>
>>>> ../run/etc/passwd?
>>>>
>>>>> \ No newline at end of file
>>>>> diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>>> similarity index 100%
>>>>> copy from host/rootfs/image/etc/group
>>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/group
>>>>> diff --git a/host/rootfs/image/etc/group.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>>> similarity index 100%
>>>>> rename from host/rootfs/image/etc/group.license
>>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/group.license
>>>>> diff --git a/host/rootfs/image/etc/passwd b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>>> similarity index 100%
>>>>> copy from host/rootfs/image/etc/passwd
>>>>> copy to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd
>>>>> diff --git a/host/rootfs/image/etc/passwd.license b/host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>>> similarity index 100%
>>>>> rename from host/rootfs/image/etc/passwd.license
>>>>> rename to host/rootfs/image/etc/s6-linux-init/run-image/etc/passwd.license
>>>>>
>>>>> base-commit: d0efa283216ebc503b4b715c051518ae7dbd8409
>>>>
>>>>
>>>> -- 
>>>> Sincerely,
>>>> Demi Marie Obenour (she/her/hers)
>>
>> Assuming I understood the diff correctly, and with relative symlinks:
>>
>> Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>
> 
> Wait, actually, why do we want relative symlinks?  Previously I've used
> them so you can follow the symlinks in the development tree, but that
> doesn't work here anyway because there's obviously no run in the tree.

Some tooling refuses to handle absolute symlinks as a security measure.
Not being able to copy a Spectrum development tree using Qubes OS's
qvm-copy would be less than great :).  Furthermore, I'd rather be
pointed to a nonexistent location in the development tree than to
a nonexistent location in the real /run (which, on some systems,
might even exist).
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2025-12-09 11:16 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-09  8:56 [PATCH 1/5] host/rootfs: make passwd and group links into /run Alyssa Ross
2025-12-09  8:56 ` [PATCH 2/5] host/rootfs: install shadow Alyssa Ross
2025-12-09  8:56 ` [PATCH 3/5] host/rootfs: move Wayland out of XDG_RUNTIME_DIR Alyssa Ross
2025-12-09  8:56 ` [PATCH 4/5] host/rootfs: weston: add XDG_RUNTIME_DIR note Alyssa Ross
2025-12-09  8:56 ` [PATCH 5/5] host/rootfs: add wayland group Alyssa Ross
2025-12-09 10:55   ` Demi Marie Obenour
2025-12-09 10:59     ` Alyssa Ross
2025-12-09 11:02       ` Demi Marie Obenour
2025-12-09 11:09         ` Alyssa Ross
2025-12-09 10:42 ` [PATCH 6/6] host/rootfs: run crosvm device gpu as non-root Alyssa Ross
2025-12-09 10:52 ` [PATCH 1/5] host/rootfs: make passwd and group links into /run Demi Marie Obenour
2025-12-09 10:57   ` Alyssa Ross
2025-12-09 11:03     ` Demi Marie Obenour
2025-12-09 11:11       ` Alyssa Ross
2025-12-09 11:15         ` Demi Marie Obenour

Code repositories for project(s) associated with this public inbox

	https://spectrum-os.org/git/crosvm
	https://spectrum-os.org/git/doc
	https://spectrum-os.org/git/mktuntap
	https://spectrum-os.org/git/nixpkgs
	https://spectrum-os.org/git/spectrum
	https://spectrum-os.org/git/ucspi-vsock
	https://spectrum-os.org/git/www

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).