Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/10/25 07:47, Alyssa Ross wrote:
The document portal has to be root to mount its fuse filesystem. This needs to be a shared namespace because virtiofsd needs to be in the same mount namespace as the document portal so that it sees the fuse filesystem, so we create a per-VM persistent user namespace.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
(snip)
diff --git a/host/rootfs/image/usr/bin/run-appimage b/host/rootfs/image/usr/bin/run-appimage index 47cab4c5..5e8e29fa 100755 --- a/host/rootfs/image/usr/bin/run-appimage +++ b/host/rootfs/image/usr/bin/run-appimage @@ -44,4 +44,6 @@ if { s6-instance-delete /run/service/vm-services $id }
if { umount ${dir}/mount } # mount namespace if { umount ${dir}/mount } # private bind mount +if { umount ${dir}/user } # user namespace +if { umount ${dir}/user } # private bind mount rm -r $dir /run/configs/${id} diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak index bb366735..86ccc12a 100755 --- a/host/rootfs/image/usr/bin/run-flatpak +++ b/host/rootfs/image/usr/bin/run-flatpak @@ -46,4 +46,6 @@ if { s6-instance-delete -- /run/service/vm-services $id }
if { umount ${dir}/mount } # mount namespace if { umount ${dir}/mount } # private bind mount +if { umount ${dir}/user } # user namespace +if { umount ${dir}/user } # private bind mount rm -r $dir /run/configs/${id}
Why is it necessary to unmount twice here?
Because we mount twice, just like the comments say. It is a bit counterintuitive though. Namespaces can only be mounted onto a mountpoint that itself has private propagation. This is why we create a private bind mount at the start of create-vm-dependencies before unshare bind mounts the namespaces. You can also see this in an example in unshare(1). Perhaps it would be better and clearer to have /run/vm/by-id/${VM}/ns as a private mountpoint, with the nsfs files inside? That way, each of them only needs to be unmounted once, and then the ns directory also has to be unmounted once.