From: Alyssa Ross
To: Demi Marie Obenour
CC: devel@spectrum-os.org
Subject: Re: [PATCH 6/8] host/rootfs: move xdp runtime dir out of VM dir
Date: Thu, 11 Dec 2025 14:06:07 +0100

Alyssa Ross writes:

> Demi Marie Obenour writes:
>
>> On 12/10/25 07:47, Alyssa Ross wrote:
>>> This will enable running D-Bus as a user that does not have access to
>>> VM directories.
>>>
>>> Signed-off-by: Alyssa Ross
>>> ---
>>> host/rootfs/image/usr/bin/create-vm-dependencies | 6 ++++--
>>> .../services/org.freedesktop.portal.Documents.service | 2 +-
>>> 2 files changed, 5 insertions(+), 3 deletions(-)
>>>
>>
>> (snip)
>>
>>> @@ -27,7 +27,9 @@ if { >>> # can be writable block-based bind mounted subdirectories. >>> if { mount --rbind -o nofail /run/vm/by-id/${1}/config/fs /run/vm/by= -id/${1}/fs/config } >>> if { mount --rbind -o ro /run/vm/by-id/${1}/fs /run/vm/by-id/${1}/fs= } >>> - mount --rbind /run/vm/by-id/${1}/doc-run/doc /run/vm/by-id/${1}/fs/d= oc >>> + >>> + if { mount --make-shared --rbind /run/doc/${1} /run/doc/${1} } >>> + mount --rbind /run/doc/${1}/doc /run/vm/by-id/${1}/fs/doc >>> }
>>
>> This could definitely use a lot more comments. For instance, why is
>> --make-shared needed? What about --rbind?
>>
>> I trust that you tested this code and it works, but it isn't obvious
>> *why* it works or why it must be written this way.
>>
>> It would be best to have a document explaining what all of the mount
>> points and namespaces are, why they are as they are, and what mount
>> propagation is involved.
>
> I think a separate document would quickly go out of date, but I'm happy
> to add some comments inline.

--rbind is perhaps worth discussing. I consider it best practice to
always use --rbind over --bind, because generally the idea with a bind
mount is to copy a whole hierarchy from one place to another. With
--bind you have to know the internal structure of that hierarchy and be
sure you only want the top-level mount; with --rbind you just think in
terms of the hierarchy. There are also some situations where it's
mandatory to use --rbind: where a --bind would reveal hierarchies in the
mountpoint that have been hidden by extra bind mounts being placed over
the top.

(I won't put this in a comment here because we use --rbind all over the
place, but it's something that would make sense to put into developer
guidelines once we have a documentation structure that accommodates such
a thing.)
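
Review bot: the added self-bind, mount --make-shared --rbind /run/doc/${1} /run/doc/${1}, has no comment, unlike the config mount two lines above it, and it is the least obvious line in the block. A short comment should say which later mounts under /run/doc/${1} are meant to propagate into /run/vm/by-id/${1}/fs/doc and, if the self-bind is there only to turn the directory into a mount point that can be marked shared, say so. The visible lines also do not show /run/doc/${1} or /run/doc/${1}/doc being created before they are mounted, so it is worth confirming that happens earlier in the script.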
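
The --bind versus --rbind distinction discussed in the reply can be checked against /proc/self/mountinfo before choosing a flag. The following is an added example, not code from the thread or from Spectrum: it parses mountinfo text, lists the submounts under a source path that --rbind carries along and a plain --bind leaves out, and reads the propagation fields that --make-shared sets. The sample text, the name vm1 and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple
# Constructed /proc/self/mountinfo text (not from the thread); "vm1" stands in for ${1}.
SAMPLE = """\
21 1 0:19 / / rw - tmpfs rootfs rw
22 21 0:20 / /run rw - tmpfs run rw
40 22 0:30 / /run/vm/by-id/vm1/fs ro shared:5 - tmpfs fs rw
41 40 0:31 / /run/vm/by-id/vm1/fs/config ro shared:6 - ext4 /dev/loop0 ro
42 40 0:20 /doc/vm1/doc /run/vm/by-id/vm1/fs/doc rw shared:7 - tmpfs run rw
43 22 0:20 /doc/vm1 /run/doc/vm1 rw shared:7 - tmpfs run rw
44 22 0:32 / /run/vm/by-id/vm1/fs\\040old rw - tmpfs old rw
"""

class Mount(NamedTuple):
    mount_id: int
    parent_id: int
    mount_point: str
    propagation: tuple  # optional fields such as ("shared:7",); () means private

def _unescape(field: str) -> str:
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text: str) -> list:
    mounts = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or "-" not in f[6:]:
            continue  # not a complete mountinfo record
        sep = f.index("-", 6)  # optional fields sit between index 6 and "-"
        mounts.append(Mount(int(f[0]), int(f[1]), _unescape(f[4]), tuple(f[6:sep])))
    return mounts

def submounts_below(mounts: list, src: str) -> list:
    """Mount points strictly under src: --rbind copies them, --bind leaves them out."""
    prefix = src.rstrip("/") + "/"
    below = [m.mount_point for m in mounts if m.mount_point.startswith(prefix)]
    return sorted(p for p in below if len(p) > len(prefix))

def propagation_of(mounts: list, path: str):
    """Optional fields of the mount visible at path (the top one if stacked), else None."""
    here = [m for m in mounts if m.mount_point == path]
    parents = {m.parent_id for m in here}
    top = [m for m in here if m.mount_id not in parents]
    return top[-1].propagation if top else None

if __name__ == "__main__":
    table = parse_mountinfo(SAMPLE)
    print(submounts_below(table, "/run/vm/by-id/vm1/fs"), propagation_of(table, "/run/doc/vm1"))
```

A non-empty result from submounts_below means a plain --bind of that path would expose whatever those submounts currently cover at the destination.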