Demi Marie Obenour writes: > On 12/10/25 07:47, Alyssa Ross wrote: >> This will enable running D-Bus as a user that does not have access to >> VM directories. >> >> Signed-off-by: Alyssa Ross >> --- >> host/rootfs/image/usr/bin/create-vm-dependencies | 6 ++++-- >> .../services/org.freedesktop.portal.Documents.service | 2 +- >> 2 files changed, 5 insertions(+), 3 deletions(-) >> > > (snip) > >> @@ -27,7 +27,9 @@ if { >> # can be writable block-based bind mounted subdirectories. >> if { mount --rbind -o nofail /run/vm/by-id/${1}/config/fs /run/vm/by-id/${1}/fs/config } >> if { mount --rbind -o ro /run/vm/by-id/${1}/fs /run/vm/by-id/${1}/fs } >> - mount --rbind /run/vm/by-id/${1}/doc-run/doc /run/vm/by-id/${1}/fs/doc >> + >> + if { mount --make-shared --rbind /run/doc/${1} /run/doc/${1} } >> + mount --rbind /run/doc/${1}/doc /run/vm/by-id/${1}/fs/doc >> } > > This could definitely use a lot more comments. For instance, why is > --make-shared needed? What about --rbind? > > I trust that you tested this code and it works, but it isn't obvious > *why* it works or why it must be written this way. > > It would be best to have a document explaining what all of the mount > points and namespaces are, why they are as they are, and what mount > propagation is involved. I think a separate document would quickly go out of date, but I'm happy to add some comments inline.
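Review bot: The two added mount lines at the end of this hunk have no comment, and the self-bind `mount --make-shared --rbind /run/doc/${1} /run/doc/${1}` is the one that most needs it. A comment there should say that binding the directory onto itself turns it into a mount point of its own, and that `--make-shared` gives that mount shared propagation. It should also name which later mounts under `/run/doc/${1}` are expected to become visible through the `/run/vm/by-id/${1}/fs/doc` bind as a result. Since the commit message says the goal is running D-Bus as a user without access to the VM directories, the comment could also state that this is why the source moved from `/run/vm/by-id/${1}/doc-run/doc` to `/run/doc/${1}/doc`. Note too that mount(8) applies propagation flags with a separate mount(2) call after the bind succeeds, so the combined command is not atomic. If anything can mount under that path in between, say so in the comment or split the command into two explicit steps.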