We should stop running applications as root, and for applications like Firefox, we'll need a writable home directory.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/Makefile | 2 +-
 img/app/image/etc/fstab | 13 +++++++------
 img/app/image/etc/group | 1 +
 img/app/image/etc/passwd | 1 +
 4 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/img/app/Makefile b/img/app/Makefile
index 2838554..ddfc8ef 100644
--- a/img/app/Makefile
+++ b/img/app/Makefile
@@ -30,7 +30,7 @@ $(imgdir)/appvm/blk/root.img: ../../scripts/make-gpt.sh ../../scripts/sfdisk-fie
 build/rootfs.erofs:root:5460386f-2203-4911-8694-91400125c604:root
 mv $@.tmp $@
 
-DIRS = dev run proc sys tmp \
+DIRS = dev home/user run proc sys tmp \
 etc/s6-linux-init/run-image/pipewire \
 etc/s6-linux-init/run-image/service \
 etc/s6-linux-init/run-image/user \
diff --git a/img/app/image/etc/fstab b/img/app/image/etc/fstab
index a466dcc..edd2d7f 100644
--- a/img/app/image/etc/fstab
+++ b/img/app/image/etc/fstab
@@ -1,7 +1,8 @@
 # SPDX-License-Identifier: CC0-1.0
-# SPDX-FileCopyrightText: 2020-2022 Alyssa Ross <hi@alyssa.is>
-proc /proc proc defaults 0 0
-devpts /dev/pts devpts gid=5,mode=620 0 0
-tmpfs /dev/shm tmpfs defaults 0 0
-sysfs /sys sysfs defaults 0 0
-tmpfs /tmp tmpfs defaults 0 0
+# SPDX-FileCopyrightText: 2020-2022, 2025 Alyssa Ross <hi@alyssa.is>
+proc /proc proc defaults 0 0
+devpts /dev/pts devpts gid=5,mode=620 0 0
+tmpfs /dev/shm tmpfs defaults 0 0
+sysfs /sys sysfs defaults 0 0
+tmpfs /tmp tmpfs defaults 0 0
+tmpfs /home/user tmpfs mode=0700,uid=1000,gid=1000 0 0
diff --git a/img/app/image/etc/group b/img/app/image/etc/group
index 0bf6579..b2c3a2e 100644
--- a/img/app/image/etc/group
+++ b/img/app/image/etc/group
@@ -1,3 +1,4 @@
 wayland:x:1:wayland
 wireplumber:x:2:wireplumber
 pipewire:x:3:pipewire
+user:x:1000:user
diff --git a/img/app/image/etc/passwd b/img/app/image/etc/passwd
index 631554c..08324b0 100644
--- a/img/app/image/etc/passwd
+++ b/img/app/image/etc/passwd
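Review bot: The new `/home/user` entry in img/app/image/etc/fstab is the one filesystem the unprivileged account owns outright, yet it is mounted without `nosuid,nodev` and without a `size=` cap, so a misbehaving or compromised application can grow it up to tmpfs's default limit of half the VM's RAM. I would write the line as `tmpfs /home/user tmpfs mode=0700,uid=1000,gid=1000,nosuid,nodev 0 0` and add a `size=` value suited to the VM's memory. The numeric uid/gid here must stay equal to the `user` entries this commit adds to passwd and group, so a comment above the line such as `# uid/gid must match "user" in /etc/passwd and /etc/group` would help the next editor. `/tmp` and `/dev/shm` keep `defaults` and are presumably writable by this user as well, so the same options are worth considering there.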
@@ -2,3 +2,4 @@ root:x:0:0:System administrator:/run/root:/bin/sh
 wayland:x:1:1:wayland-proxy-virtwl service user:/:/usr/bin/nologin
 wireplumber:x:2:2:WirePlumber service user:/:/usr/bin/nologin
 pipewire:x:3:3:PipeWire service user:/:/usr/bin/nologin
+user:x:1000:1000:Spectrum application user:/home/user:/bin/sh
-- 
2.51.0
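Review bot: The added `user` line in img/app/image/etc/passwd carries `x` in the password field, which defers to a shadow file, but the diffstat lists no shadow change, so the patch does not show whether this account is locked. Among the entries visible here it is the only non-root account with `/bin/sh` as its shell, so it is worth confirming that whatever `su`/`login` implementation the image ships treats a missing shadow entry as locked rather than passwordless. Separately, these hunks only provision the account and its home; the switch of application services away from root presumably lands in a later patch, and the commit message could say so.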