Demi Marie Obenour writes: > On 9/8/25 04:59, Alyssa Ross wrote: >> Demi Marie Obenour writes: >> >>> DIRS = \ >>> - dev \ >>> etc/s6-linux-init/env \ >>> etc/s6-linux-init/run-image/configs \ >>> etc/s6-linux-init/run-image/service/dbus/instance \ >>> @@ -90,14 +89,11 @@ DIRS = \ >>> etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/instances \ >>> etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/data \ >>> etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/env \ >>> - etc/s6-linux-init/run-image/user \ >>> etc/s6-linux-init/run-image/vm/by-id \ >>> etc/s6-linux-init/run-image/vm/by-name \ >>> etc/s6-linux-init/run-image/wait \ >>> ext \ >>> - run \ >>> - proc \ >>> - sys \ >>> + root \ >> >> I'm not sure what we'd want /root for? Root's home directory is /. > > It is certainly /root on my systems. > On Spectrum it is not, because there's no need for an extraneous, empty, read-only directory: root:x:0:0:System administrator:/:/bin/sh >>> diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh >>> index d566a4ac7b30f55338fe9b8b6a94702686f6ddd1..5196394d405310971659b0dbc0c91cfcaaaf9118 100755 >>> --- a/scripts/make-erofs.sh >>> +++ b/scripts/make-erofs.sh 
>>> @@ -115,5 +115,39 @@ find "$root" \ >>> find "$root/etc" "$root/var" ! -type l -execdir chmod u+w,go-w,ugo+rX -- '{}' + >>> chmod 0755 "$root" >>> >>> +# Fix permissions on / so that the subsequent commands work >>> +chmod 0755 "$root" >>> + >>> +# Create the basic mount points for pseudo-filesystems and tmpfs filesystems. >>> +# These should always be mounted over, so use 0400 permissions for them. >>> +# 0000 would be better, but it breaks mkfs.erofs as it tries to open the >>> +# directories for reading. >>> +mkdir -m 0400 "$root/dev" "$root/proc" "$root/run" "$root/sys" "$root/tmp" >>> + >>> +# Cause s6-linux-init to create /run/lock and /run/user >>> +# with the correct mode (0755) and create /home, >>> +# /var/cache, /var/log, and /var/spool directly. >>> +mkdir -m 0755 \ >>> + "$root/etc/s6-linux-init/run-image/lock" \ >>> + "$root/etc/s6-linux-init/run-image/user" \ >>> + "$root/home" \ >>> + "$root/var/cache" \ >>> + "$root/var/log" \ >>> + "$root/var/spool" >>> + >>> +# Create symbolic links that are always expected to exist. >>> +chmod 0755 "$root/usr" >>> +ln -s ../proc/self/mounts "$root/etc/mtab" >>> +ln -s ../run "$root/var/run" >>> +ln -s ../run/lock "$root/var/lock" >>> +ln -s ../tmp "$root/var/tmp" >>> +ln -s bin "$root/usr/sbin" >>> +ln -s lib "$root/usr/lib64" >> >> This doesn't seem right as a generic thing. Nix-built binaries won't >> ever need this. It's only in img/app for AppImage etc. compatibility. >> Not relevant to other images. > > I decided it was better to add all of these now to avoid any sort of > problems later on. The size impact is tiny and the cost of debugging > a problem later on would not be. In particular, contributors not so > used to NixOS might assume these exist. I think they'll very quickly figure it out.
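Review bot: In the DIRS hunk, the added `root \` entry has no stated purpose. The entries removed beside it (dev, run, proc, sys and etc/s6-linux-init/run-image/user) are all recreated in scripts/make-erofs.sh with an explicit mode and a comment, but nothing in either hunk explains or uses /root. Either drop the entry or say in the commit message what expects it. If it stays, creating it in make-erofs.sh next to "$root/home" would keep every directory mode set in one place instead of split between DIRS and the script.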
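Review bot: In the scripts/make-erofs.sh hunk, the added `chmod 0755 "$root"` under "# Fix permissions on / so that the subsequent commands work" repeats the unchanged context line `chmod 0755 "$root"` directly above it, so one of the two can be dropped. The later `chmod 0755 "$root/usr"` sits under the comment about symbolic links with no explanation of its own. A one-line comment would help, presumably that usr must be writable for the two `ln -s` calls that create links inside it. The `ln -s` calls have no `-f` and the `mkdir` calls have no `-p`, so each one fails if its path already exists in an image's root. Since the thread notes that the usr/lib64 link currently comes from img/app, it is worth confirming the script still succeeds for that image.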