On 12/8/25 12:28, Alyssa Ross wrote: > Demi Marie Obenour writes: > >> On 12/8/25 10:47, Alyssa Ross wrote: >>> This assumed it would be run as root, so has been broken since we >>> stopped running application scripts as root inside img/app VMs. >>> >>> Reported-by: Johannes Süllner >>> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOqzJswkwzgYyQLKpbfDDp0uo6k?via=fairydust.space&via=matrix.org&via=dataaturservice.se >>> Fixes: 8bfcbf9 ("img/app: run applications as non-root") >>> Signed-off-by: Alyssa Ross >>> --- >>> vm/app/systemd-sysupdate/download-update | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update >>> index eada41c..335e389 100755 >>> --- a/vm/app/systemd-sysupdate/download-update >>> +++ b/vm/app/systemd-sysupdate/download-update >>> @@ -3,6 +3,7 @@ >>> # SPDX-FileCopyrightText: 2025 Demi Marie Obenour >>> export LC_ALL C >>> export LANGUAGE C >>> +unshare -rUm >> >> -r implies -U, and it would be more readable to use the long forms >> of these options. >> > > And yet mount -o and -t, and mktemp -d? (I can change it, but I have a > general preference for short options to stop lines getting too long, and > for portability when necessary.) I use mount and mktemp often enough that I have these options memorized. I had to look up the options to unshare. -- Sincerely, Demi Marie Obenour (she/her/hers)