From: Alyssa Ross
To: Demi Marie Obenour
CC: Johannes Süllner, devel@spectrum-os.org
Subject: Re: [PATCH] vm/app/systemd-sysupdate: fix mounting overlay
Date: Mon, 08 Dec 2025 18:49:13 +0100
Message-ID: <87ms3slv8m.fsf@alyssa.is>
In-Reply-To: <6e5909aa-db8d-48c5-afbd-83ad242f2957@gmail.com>
References: <20251208154738.300709-1-hi@alyssa.is> <87pl8olw6c.fsf@alyssa.is> <6e5909aa-db8d-48c5-afbd-83ad242f2957@gmail.com>
List-Id: Patches and low-level development discussion

Demi Marie Obenour writes:

> On 12/8/25 12:28, Alyssa Ross wrote:
>> Demi Marie Obenour writes:
>>
>>> On 12/8/25 10:47, Alyssa Ross wrote:
>>>> This assumed it would be run as root, so has been broken since we
>>>> stopped running application scripts as root inside img/app VMs.
>>>>
>>>> Reported-by: Johannes Süllner
>>>> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOqzJswkwzgYyQLKpbfDDp0uo6k?via=fairydust.space&via=matrix.org&via=dataaturservice.se
>>>> Fixes: 8bfcbf9 ("img/app: run applications as non-root")
>>>> Signed-off-by: Alyssa Ross
>>>> ---
>>>> vm/app/systemd-sysupdate/download-update | 1 +
>>>> 1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update
>>>> index eada41c..335e389 100755
>>>> --- a/vm/app/systemd-sysupdate/download-update
>>>> +++ b/vm/app/systemd-sysupdate/download-update
>>>> @@ -3,6 +3,7 @@
>>>> # SPDX-FileCopyrightText: 2025 Demi Marie Obenour
>>>> export LC_ALL C
>>>> export LANGUAGE C
>>>> +unshare -rUm
>>>
>>> -r implies -U, and it would be more readable to use the long forms
>>> of these options.
>>>
>>
>> And yet mount -o and -t, and mktemp -d? (I can change it, but I have a
>> general preference for short options to stop lines getting too long, and
>> for portability when necessary.)
>
> I use mount and mktemp often enough that I have these options
> memorized. I had to look up the options to unshare.

Not a very objective standard! (I use unshare enough that I had these
options memorized.)

We should possibly come up with some well-reasoned guidelines for this,
but until then I'd like to continue using short options for consistency,
so that it's at least not up for debate every time.
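Review bot: the added `unshare -rUm` line at the end of the hunk has no comment saying why the script now enters a new user and mount namespace. The reason given in the commit message (the script assumed it would run as root, and application scripts stopped running as root in 8bfcbf9) is lost to anyone reading download-update on its own. A one-line `#` comment above it, in the style of the existing SPDX comment, would record that the namespace is there so the overlay mount works unprivileged. Since `-r` already implies `-U`, `unshare -rm` is equivalent and shorter, which also fits the stated preference for short options.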