On 12/10/25 07:47, Alyssa Ross wrote:
> The document portal has to be root to mount its fuse filesystem.  This
> needs to be a shared namespace because virtiofsd needs to be in the
> same mount namespace as the document portal so that it sees the fuse
> filesystem, so we create a per-VM persistent user namespace.
> 
> Signed-off-by: Alyssa Ross <hi@alyssa.is>

(snip)

> diff --git a/host/rootfs/image/usr/bin/run-appimage b/host/rootfs/image/usr/bin/run-appimage
> index 47cab4c5..5e8e29fa 100755
> --- a/host/rootfs/image/usr/bin/run-appimage
> +++ b/host/rootfs/image/usr/bin/run-appimage
> @@ -44,4 +44,6 @@ if { s6-instance-delete /run/service/vm-services $id }
>  
>  if { umount ${dir}/mount } # mount namespace
>  if { umount ${dir}/mount } # private bind mount
> +if { umount ${dir}/user } # user namespace
> +if { umount ${dir}/user } # private bind mount
>  rm -r $dir /run/configs/${id}
> diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak
> index bb366735..86ccc12a 100755
> --- a/host/rootfs/image/usr/bin/run-flatpak
> +++ b/host/rootfs/image/usr/bin/run-flatpak
> @@ -46,4 +46,6 @@ if { s6-instance-delete -- /run/service/vm-services $id }
>  
>  if { umount ${dir}/mount } # mount namespace
>  if { umount ${dir}/mount } # private bind mount
> +if { umount ${dir}/user } # user namespace
> +if { umount ${dir}/user } # private bind mount
>  rm -r $dir /run/configs/${id}

Why is it necessary to unmount twice here?
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)