From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 36D59269D;
	Mon, 01 Dec 2025 11:17:27 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 1BF5C2623; Mon, 01 Dec 2025 11:17:25 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
Received: from fout-b8-smtp.messagingengine.com
 (fout-b8-smtp.messagingengine.com [202.12.124.151])
	by atuin.qyliss.net (Postfix) with ESMTPS id C36782621
	for <devel@spectrum-os.org>; Mon, 01 Dec 2025 11:17:22 +0000 (UTC)
Received: from phl-compute-03.internal (phl-compute-03.internal [10.202.2.43])
	by mailfout.stl.internal (Postfix) with ESMTP id 38DA91D0017B;
	Mon,  1 Dec 2025 06:17:19 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-03.internal (MEProxy); Mon, 01 Dec 2025 06:17:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1764587839; x=1764674239; bh=oh8fJwsKXM
	w2nMkO4xzmERtVuIw+q7e6eKjG+6m0VDU=; b=HhWr9Mjv669A2Z7/fE0ZsHfBcM
	VUhn1UbvmIz4neQm7btCmUzVS5d2T2kYCeZxR7CPs0hVeiSZMbSFMC0rCJ9PWwVR
	GIcsguX+o055sK+iMZuGo+EebVZCeJp0Ic3EHwNZIfJ/shNK9E9ffmPnWpqq9TN7
	y+mU860XJdHTXh88ICBpJ/ZYPzpkVMr/Aoean3VZDtIb0aTbfjwN1DHETHmJgWO7
	whxGnsx/yibK4N4uWc/y1SJy3cuU926CTxcGTjYFV6SUgWdY+tfPzuoyhiK2am1m
	xwRl9PTwAhJsXkaeIPOyKbdxJaFt3dM5PxQGUgwLiMcyjSbnt3GljR5i6A+w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1764587839; x=1764674239; bh=oh8fJwsKXMw2nMkO4xzmERtVuIw+q7e6eKj
	G+6m0VDU=; b=MDPu3MmxFz4XqIh0eQSxnRbCjxDCj6gqAsdUT+gy+1li7mbuuE7
	JND3qzzWwBCVsQZmv8aKDgRc7rpUZbf8dCbBoWYDokmabhTF/tR27TL1gP2/HW3F
	OLCP9Rk8isbCOLEpBibHZlCREDUoZ0arsYPfyL6MiZTmYSaDNyRXwrHg5WUFqnSC
	/7Lx6RRlbJ7NfYaDT8N9J8QjhFXxhaKQRjokVotDbeTlprup5Z1a2F95/5jAjr50
	vfLvb1X+vbwRqFO6FDPGwhdm3FpOdNgdwZDkyKMW8BiYDYyrjp42DcDtYkk0V8Gn
	5NIJM0/iC1y3qtEIK2AK7W5Id/Xum6+i1vQ==
X-ME-Sender: <xms:PnktaQF_gmss-ANV3Xgc0j8IUEJq1DtVY1HBo6-K6wh-ykQ5w39iUw>
    <xme:PnktaVrmQbk_w-4vR3ZiQScASx-JbrcTkuKW1lybMVp1PQ8KaC43jUHv4b25sHIYO
    QinMMAvrceW6S6lxRl3mDdCX5jV9idxJ79SLNa96fPy51cwqcU>
X-ME-Received: 
 <xmr:Pnktac75-oubzzv6eg-OAIsUABxY_i2Y1qFtEum0SilD3t2Uo7eVPEJ00eAJh09FIw>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddvheejheejucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhephffvvefujghffffkgggtsehgtderredttdejnecuhfhrohhmpeetlhihshhsrgcu
    tfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpefhteeigf
    fgkefhteejkeffvdegvdeghfeitdeilefgudejfedtteevffdvleefueenucffohhmrghi
    nhepshhpvggtthhruhhmqdhoshdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurf
    grrhgrmhepmhgrihhlfhhrohhmpehhihesrghlhihsshgrrdhishdpnhgspghrtghpthht
    ohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepuggvmhhiohgsvghnohhurh
    esghhmrghilhdrtghomhdprhgtphhtthhopeguvghvvghlsehsphgvtghtrhhumhdqohhs
    rdhorhhg
X-ME-Proxy: <xmx:PnktaT4Qx9xN4rgNHTFwlT_4Dw60CTyYGfTZvOSJLB-4T7vwaJLanQ>
    <xmx:PnktaZGUysorvXBpJ1QJ-WqQJrhHobd_bwf-FX5ABTsQ7QP75vGyrQ>
    <xmx:PnktacTQQTXopGGZYuO_TqbNyXC-TL5ldF6qS9etbm5RK9mdWu2kAA>
    <xmx:PnktaSt5DCXKimLf5NCFUaqbvr6aAx1TQ3JL26IjSVma9iEh4oWTrg>
    <xmx:P3ktaVRDByuMG1w5re3T9wtCtw9MP2J8DaFTDo0vt_HmFT_Rv7_9hLeS>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 1 Dec 2025 06:17:18 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id A51943F19695; Mon, 01 Dec 2025 12:17:01 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>
Subject: Re: [PATCH v4 5/5] host/rootfs: add run-flatpak script
In-Reply-To: <c1bfafd4-51a6-4b41-8b74-218291954dd3@gmail.com>
References: <20251201044534.977524-1-hi@alyssa.is>
 <20251201044534.977524-9-hi@alyssa.is>
 <c1bfafd4-51a6-4b41-8b74-218291954dd3@gmail.com>
Date: Mon, 01 Dec 2025 12:17:00 +0100
Message-ID: <877bv6wixf.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: VVZETJFAHFZ4EZONM7Q6SJRMECZSGKVJ
X-Message-ID-Hash: VVZETJFAHFZ4EZONM7Q6SJRMECZSGKVJ
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: devel@spectrum-os.org
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/VVZETJFAHFZ4EZONM7Q6SJRMECZSGKVJ/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 11/30/25 23:45, Alyssa Ross wrote:
>> This is the entrypoint for running Flatpak applications.
>>=20
>> It would be good to only add mounts for the VM in virtiofsd's mount
>> namespace, so we don't need to do lots of manual unmounts, but that's
>> a wider change affecting more than just Flatpak.
>>=20
>> I've tested this by copying my host's Flatpak repository into a disk
>> image, and attaching that as a drive to the VM.
>>=20
>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>> ---
>> v4: use the new VM mount namespace
>> v3: https://spectrum-os.org/lists/archives/spectrum-devel/20251127202311=
.42422-7-hi@alyssa.is/
>>=20
>>  host/rootfs/default.nix               | 12 +++----
>>  host/rootfs/file-list.mk              |  1 +
>>  host/rootfs/image/usr/bin/run-flatpak | 47 +++++++++++++++++++++++++++
>>  3 files changed, 54 insertions(+), 6 deletions(-)
>>  create mode 100755 host/rootfs/image/usr/bin/run-flatpak
>>=20
>> diff --git a/host/rootfs/default.nix b/host/rootfs/default.nix
>> index 57dd7a9..ca2084f 100644
>> --- a/host/rootfs/default.nix
>> +++ b/host/rootfs/default.nix
>> @@ -12,9 +12,9 @@ pkgsMusl.callPackage (
>>  , lib, stdenvNoCC, nixos, runCommand, writeClosure, erofs-utils, s6-rc
>>  , btrfs-progs, busybox, cloud-hypervisor, cosmic-files, crosvm
>>  , cryptsetup, dejavu_fonts, dbus, execline, foot, fuse3, iproute2
>> -, inotify-tools, jq, kmod, mdevd, mesa, s6, s6-linux-init, socat
>> -, systemd, util-linuxMinimal, virtiofsd, westonLite
>> -, xdg-desktop-portal, xdg-desktop-portal-gtk
>> +, inotify-tools, jq, kmod, mdevd, mesa, mount-flatpak, s6
>> +, s6-linux-init, socat, systemd, util-linuxMinimal, virtiofsd
>> +, westonLite, xdg-desktop-portal, xdg-desktop-portal-gtk
>>  , xdg-desktop-portal-spectrum-host
>>  }:
>>=20=20
>> @@ -26,9 +26,9 @@ let
>>=20=20
>>    packages =3D [
>>      btrfs-progs cloud-hypervisor cosmic-files crosvm cryptsetup dbus
>> -    execline fuse3 inotify-tools iproute2 jq kmod mdevd s6 s6-linux-init
>> -    s6-rc socat spectrum-host-tools spectrum-router util-linuxMinimal v=
irtiofsd
>> -    xdg-desktop-portal-spectrum-host
>> +    execline fuse3 inotify-tools iproute2 jq kmod mdevd mount-flatpak s6
>> +    s6-linux-init s6-rc socat spectrum-host-tools spectrum-router
>> +    util-linuxMinimal virtiofsd xdg-desktop-portal-spectrum-host
>>=20=20
>>      (foot.override { allowPgo =3D false; })
>>=20=20
>> diff --git a/host/rootfs/file-list.mk b/host/rootfs/file-list.mk
>> index bfe3940..df22bce 100644
>> --- a/host/rootfs/file-list.mk
>> +++ b/host/rootfs/file-list.mk
>> @@ -55,6 +55,7 @@ FILES =3D \
>>  	image/usr/bin/assign-devices \
>>  	image/usr/bin/create-vm-dependencies \
>>  	image/usr/bin/run-appimage \
>> +	image/usr/bin/run-flatpak \
>>  	image/usr/bin/run-vmm \
>>  	image/usr/bin/spectrum-update \
>>  	image/usr/bin/vm-console \
>> diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/u=
sr/bin/run-flatpak
>> new file mode 100755
>> index 0000000..d7914a7
>> --- /dev/null
>> +++ b/host/rootfs/image/usr/bin/run-flatpak
>> @@ -0,0 +1,47 @@
>> +#!/bin/execlineb -W
>> +# SPDX-License-Identifier: EUPL-1.2+
>> +# SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
>> +
>> +backtick -E dir { mktemp -d /run/vm/by-id/XXXXXX }
>> +backtick -E id { basename -- $dir }
>> +
>> +if {
>> +  elgetpositionals
>
> Serial substitution again!  Should not be an issue as $id and $dir
> should not contain =E2=80=98$=E2=80=99, but nicer to avoid.

Indeed.  That's why I left dir and id, as previously discussed.

https://spectrum-os.org/lists/archives/spectrum-devel/87cy57311s.fsf@alyssa=
.is/

> You can use =E2=80=98elgetpositionals=E2=80=99 with =E2=80=98multisubstit=
ute=E2=80=99 instead.

Not trivial to avoid serial substitution that way, as I'd also have to
lose the dir substitution or redefine it, and diverge from run-appimage
along the way.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQGoGac7QfI+H5ZtFCZddwkt31pFQUCaS15LAAKCRCZddwkt31p
FSDeAP9Rm60CR25o29k7Y+RCOzCHW1byPcVd2W4w/CRRTm8jggEA80MKn4OAvdlE
bIWAnYxegXq+/rzE267aWTvGsQkzzg4=
=+7vC
-----END PGP SIGNATURE-----
--=-=-=--