From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 71528280B; Mon, 01 Dec 2025 11:31:28 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id 094F927B8; Mon, 01 Dec 2025 11:31:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=4.0.1 Received: from fhigh-b8-smtp.messagingengine.com (fhigh-b8-smtp.messagingengine.com [202.12.124.159]) by atuin.qyliss.net (Postfix) with ESMTPS id 9B2F827B7 for ; Mon, 01 Dec 2025 11:31:24 +0000 (UTC) Received: from phl-compute-11.internal (phl-compute-11.internal [10.202.2.51]) by mailfhigh.stl.internal (Postfix) with ESMTP id D9D0F7A0149; Mon, 1 Dec 2025 06:31:21 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-11.internal (MEProxy); Mon, 01 Dec 2025 06:31:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1764588681; x=1764675081; bh=XQzHARJxUI LAa2rYEbnPEZ5OrALCtmm5mYMSJNL7CHM=; b=Yds9bDzYrDhwNqP5imgnneuCGR M7+2LMBbVnwjuF0rFkkCEe3u5nTct2zaKGE8lm0ClMfK6mQKGDwYOfZiWGciJlS6 T/KUY4Awx35txG6QrazgSvQ8aCz/pTqBEISFf9YJQIvA62PL8lMsec71bguWiSs6 EEAy9G7GmejPY66WCtNSOrnY6Xb0aFwH1eGpWMLPoaL1cZLVFPNE9QTXzy62PbIY LH7cOGoOtipxLin/OBKGOrKhZxG2k7tb6R+Gg+wI7zqhVm8teLRWSpYmWhwqTWX3 efAcrTPAaaih8+u3nej5d+PzPZAaCSa8DHJAParG8BMKYyP0rs8Y4MUF/IGA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1764588681; x=1764675081; bh=XQzHARJxUILAa2rYEbnPEZ5OrALCtmm5mYM SJNL7CHM=; b=w6KGALJhclAQb73a5BTb8yJ1biIfrbu38tI7pS5ELntEhC5BcYY TUc69wqZMSBIWEX5FoNUK2DDzaiFxeagN6ZRJ3F9AlIhhT/qJxn49wZw7o22LjhA HCMugTl9VrZIgVR4IlYz6UICrkbDPgqeyqhSgv43ieucgGpUlreXTRXY4Toc5sNU HCTIRz7OlRsDReCON1hvkMEpV0YliyLlcyx7BRFGT5Bo4UDsox3R1vH6/zLv5nMu zTW1/Qy/zCGIFIQUYBc+mMvmGVDFdVGvJLEQJbrg4Diqxlp7hcNxqtHaeGKneK0W 1cfvpxb/rPrlFdq/Hji7ChI+RHr8qVtJGDw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddvheejheelucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhephffvvefujghffffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcu tfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeeiudffue eilefgtefgtddttdekkeehkefgheekudefveetgeefiefftedvteeuveenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehhihesrghlhihsshgrrd hishdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep uggvmhhiohgsvghnohhurhesghhmrghilhdrtghomhdprhgtphhtthhopeguvghvvghlse hsphgvtghtrhhumhdqohhsrdhorhhg X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 1 Dec 2025 06:31:21 -0500 (EST) Received: by fw12.qyliss.net (Postfix, from userid 1000) id E47E73F1B315; Mon, 01 Dec 2025 12:31:04 +0100 (CET) From: Alyssa Ross To: Demi Marie Obenour Subject: Re: [PATCH 13/13] img/app: run applications as non-root In-Reply-To: References: <20251126213407.1773744-1-hi@alyssa.is> <20251126213407.1773744-13-hi@alyssa.is> Date: Mon, 01 Dec 2025 12:31:03 +0100 Message-ID: <871plewia0.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Message-ID-Hash: URXY76KXDD27Y2DEGFICPVRYIVVNOULD X-Message-ID-Hash: URXY76KXDD27Y2DEGFICPVRYIVVNOULD X-MailFrom: hi@alyssa.is X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: devel@spectrum-os.org X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --=-=-= Content-Type: text/plain Demi Marie Obenour writes: > On 11/26/25 16:34, Alyssa Ross wrote: >> The session bus has to run as the same user as the application, >> because xdg-desktop-portal expects to be able to open the >> application's /proc/pid/root to check if it's a Flatpak. > > I recommend having the session bus socket in the standard location > in case applications have hard-coded it. Non-standard locations are > probably not tested at all. We'll tie ourselves in knots if we try to accomodate every compatibility problem that could possibly exist without knowing that it actually does. In this case I wouldn't expect it to be very commonly hardcoded because reading DBUS_SESSION_BUS_ADDRESS is easier than either reading XDG_RUNTIME_DIR and appending to it, or checking uid and constructing the path based on that. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQGoGac7QfI+H5ZtFCZddwkt31pFQUCaS18dwAKCRCZddwkt31p FQIWAQDKAVYp8VM+pz8XQfNgmnmFcc+PyVMW79h/LTd4DQIBvwEAvTT0/+21lKKu kK9cKXQFjOG6sxg05UijsqglR1LY+Qs= =eGiA -----END PGP SIGNATURE----- --=-=-=--