On 12/8/25 12:49, Alyssa Ross wrote: > Demi Marie Obenour writes: > >> On 12/8/25 12:28, Alyssa Ross wrote: >>> Demi Marie Obenour writes: >>> >>>> On 12/8/25 10:47, Alyssa Ross wrote: >>>>> This assumed it would be run as root, so has been broken since we >>>>> stopped running application scripts as root inside img/app VMs. >>>>> >>>>> Reported-by: Johannes Süllner >>>>> Link: https://matrix.to/#/!xSysqhzbOZImdvGpix:fairydust.space/$9psDI3BIP00EIzW-qOqzJswkwzgYyQLKpbfDDp0uo6k?via=fairydust.space&via=matrix.org&via=dataaturservice.se >>>>> Fixes: 8bfcbf9 ("img/app: run applications as non-root") >>>>> Signed-off-by: Alyssa Ross >>>>> --- >>>>> vm/app/systemd-sysupdate/download-update | 1 + >>>>> 1 file changed, 1 insertion(+) >>>>> >>>>> diff --git a/vm/app/systemd-sysupdate/download-update b/vm/app/systemd-sysupdate/download-update >>>>> index eada41c..335e389 100755 >>>>> --- a/vm/app/systemd-sysupdate/download-update >>>>> +++ b/vm/app/systemd-sysupdate/download-update >>>>> @@ -3,6 +3,7 @@ >>>>> # SPDX-FileCopyrightText: 2025 Demi Marie Obenour >>>>> export LC_ALL C >>>>> export LANGUAGE C >>>>> +unshare -rUm >>>> >>>> -r implies -U, and it would be more readable to use the long forms >>>> of these options. >>>> >>> >>> And yet mount -o and -t, and mktemp -d? (I can change it, but I have a >>> general preference for short options to stop lines getting too long, and >>> for portability when necessary.) >> >> I use mount and mktemp often enough that I have these options >> memorized. I had to look up the options to unshare. > > Not a very objective standard! (I use unshare enough that I had these > options memorized.) Coding style is pretty much always subjective 🙂. > We should possibly come up with some well-reasoned guidelines for this, > but until then I'd like to continue using short options for consistency, > so that it's at least not up for debate every time. Fair! -- Sincerely, Demi Marie Obenour (she/her/hers)