From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id ADBCD23C7F;
	Thu, 11 Dec 2025 12:47:36 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 5F0A123BF9; Thu, 11 Dec 2025 12:47:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-a5-smtp.messagingengine.com
 (fhigh-a5-smtp.messagingengine.com [103.168.172.156])
	by atuin.qyliss.net (Postfix) with ESMTPS id 15B7523C79
	for <devel@spectrum-os.org>; Thu, 11 Dec 2025 12:47:33 +0000 (UTC)
Received: from phl-compute-05.internal (phl-compute-05.internal [10.202.2.45])
	by mailfhigh.phl.internal (Postfix) with ESMTP id D13501400130;
	Thu, 11 Dec 2025 07:47:30 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-05.internal (MEProxy); Thu, 11 Dec 2025 07:47:30 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1765457250; x=1765543650; bh=NQ0VkZH1yT
	qs54KjK+qaUJAabjof2TICsDYiDfUHxbo=; b=SrotDCKLjfHVbc9CyczbDgEZ2e
	reShtWI3WpIgJALyu6FgMIJhiitIC2YWEUl8ZKIznZysGZEBEAzOLZIunr3P/iIF
	NURISujYLBkXU3SQQB5AY30M4cI8/4QdrtMZUDpDQs41Pl2Lk56BturSFUAIa3jW
	qHE8NEdOdHqRJPY7KeVkb/M+UmLB1QgQFQsZkzi3xPxaCyLHgSBkh58GdRCKcX09
	weAfs60drXailxHDktW7oYhJ35qtoTeSoLeKfgoyK74ymPDqccpTyPN6lvjTWYie
	wJ3nV5rY0Rvbz9khydkj56HOlu+LshLdGebhFQ3LwSbpJxOWWBtpyxW0panA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1765457250; x=1765543650; bh=NQ0VkZH1yTqs54KjK+qaUJAabjof2TICsDY
	iDfUHxbo=; b=QJr34M+eyieSqad3C2ezigLCnP6yUbMmErmbfgg0a7C77lv0IQ/
	XAKpECoU3UxAwf9XhhEYuwleCIqxQqPvHEW3BOUGSz6YQBj2BRh9GMv7Gh0bKBsz
	HNuSp5owTGQMs+1J+Cc+XmxG+xb5/LwGQoKmaaH/Lmva9D/MVHtO2otu3I1WKzjP
	rgPuDrdEoqO65diY8oaOP0yh3pidzTF7CKzds939T87gv6HUtHxuyJCUkrYe9hrG
	DjykNsTgWg14uFMDCsu/AnunUZB5JNoMTkbAvMC62qEWVSBlLI4PT7TezPOOzZ1j
	wA6YwerAy3qvWOHYOeklSdaBIfGtjlf8ffg==
X-ME-Sender: <xms:Yr06afIFZrmHN0jIu6zBjDC6hVMQj68R8RrCo5Z0b5YC88ZEYsnQAg>
    <xme:Yr06affgirL4MesJ7HKrgHV3x8i4nUpI5gzc_xLetztpEgFfvpQpVBF8tofhONwVF
    DCaygkx4YlosmfqaxoLrEStW_DO_EboPTVSk_duUE-8oEtKzNEhW7M>
X-ME-Received: 
 <xmr:Yr06aae88m-6h4z838Prm1YzQHPQ5TIKel-Mqh0AYDnyUB--GvdpnhiW-_lsEm6U0g>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvheefhecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug
    hrpefhvffujghffffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcutfho
    shhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpedvuedviedvhe
    fhieektddvvdehgfehffelveeuiefggfdtffffueejudejjeekjeenucevlhhushhtvghr
    ufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehhihesrghlhihsshgrrdhish
    dpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepuggv
    mhhiohgsvghnohhurhesghhmrghilhdrtghomhdprhgtphhtthhopeguvghvvghlsehsph
    gvtghtrhhumhdqohhsrdhorhhg
X-ME-Proxy: <xmx:Yr06aaP8X1Rljz394sJq76O7f0ahfJICulNWShppACZKFleeu2tLnA>
    <xmx:Yr06aZL5ZZ5ytQxtgof2ViZZgKKFkpsBcf3OTGPCZAT3wgo-QXLLqw>
    <xmx:Yr06aTG4Fub53-ZteWLluuVoh3MruSrdr59f_cs0FQSZd8rmT8gXzw>
    <xmx:Yr06aZTwGpaybCM_v3ATc4-JfqVGkGEXVAEEKusrvtAL1DKvkPrp9w>
    <xmx:Yr06aS0HuECSWXhglXi8DgKZki8lstX3bW-HESYSCW7AD_RB0KiCNTAY>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu,
 11 Dec 2025 07:47:30 -0500 (EST)
Received: by fw12.qyliss.net (Postfix, from userid 1000)
	id ACD9F6E35DF1; Thu, 11 Dec 2025 13:47:19 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: Demi Marie Obenour <demiobenour@gmail.com>, devel@spectrum-os.org
Subject: Re: [PATCH 6/8] host/rootfs: move xdp runtime dir out of VM dir
In-Reply-To: <3f7bd790-6efb-4e0b-b9f1-425d26dc86eb@gmail.com>
References: <20251210124757.1080443-1-hi@alyssa.is>
 <20251210124757.1080443-6-hi@alyssa.is>
 <3f7bd790-6efb-4e0b-b9f1-425d26dc86eb@gmail.com>
Date: Thu, 11 Dec 2025 13:47:18 +0100
Message-ID: <87jyyt5go9.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: GQUKOMVCHVKKBXP6NFCKM6BTJMX7EMEN
X-Message-ID-Hash: GQUKOMVCHVKKBXP6NFCKM6BTJMX7EMEN
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/GQUKOMVCHVKKBXP6NFCKM6BTJMX7EMEN/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Demi Marie Obenour <demiobenour@gmail.com> writes:

> On 12/10/25 07:47, Alyssa Ross wrote:
>> This will enable running D-Bus as a user that does not have access to
>> VM directories.
>>=20
>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>> ---
>>  host/rootfs/image/usr/bin/create-vm-dependencies            | 6 ++++--
>>  .../services/org.freedesktop.portal.Documents.service       | 2 +-
>>  2 files changed, 5 insertions(+), 3 deletions(-)
>>=20
>
> (snip)
>
>> @@ -27,7 +27,9 @@ if {
>>    # can be writable block-based bind mounted subdirectories.
>>    if { mount --rbind -o nofail /run/vm/by-id/${1}/config/fs /run/vm/by-=
id/${1}/fs/config }
>>    if { mount --rbind -o ro /run/vm/by-id/${1}/fs /run/vm/by-id/${1}/fs }
>> -  mount --rbind /run/vm/by-id/${1}/doc-run/doc /run/vm/by-id/${1}/fs/doc
>> +
>> +  if { mount --make-shared --rbind /run/doc/${1} /run/doc/${1} }
>> +  mount --rbind /run/doc/${1}/doc /run/vm/by-id/${1}/fs/doc
>>  }
>
> This could definitely use a lot more comments.  For instance, why is
> --make-shared needed?  What about --rbind?
>
> I trust that you tested this code and it works, but it isn't obvious
> *why* it works or why it must be written this way.
>
> It would be best to have a document explaining what all of the mount
> points and namespaces are, why they are as they are, and what mount
> propagation is involved.

I think a separate document would quickly go out of date, but I'm happy
to add some comments inline.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQGoGac7QfI+H5ZtFCZddwkt31pFQUCaTq9VgAKCRCZddwkt31p
FWIXAP4wkCu579VUi6EMWp1+hd5FwMoqxJWRfHUJW14YL2mz9gEAj4LzGynyVpfh
RHxmEEz/7KfA1bINERnuoXM1rQUMrA8=
=EKgd
-----END PGP SIGNATURE-----
--=-=-=--