[PATCH 3/8] host/rootfs: move portal bus socket out of VM dir

10 Dec 2025

This will allow xdg-desktop-portal-spectrum-host to be run as a user
without access to the VM directory.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/Makefile                                            | 1 +
 .../service/vm-services/template/data/service/dbus/run          | 2 +-
 .../template/data/service/xdg-desktop-portal-spectrum-host/run  | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile
index 7bec1259..b9e0fdd9 100644
--- a/host/rootfs/Makefile
+++ b/host/rootfs/Makefile
@@ -14,6 +14,7 @@ DIRS = \
 	dev \
 	etc/s6-linux-init/env \
 	etc/s6-linux-init/run-image/configs \
+	etc/s6-linux-init/run-image/portal-bus \
 	etc/s6-linux-init/run-image/sd-notify-wrapper \
 	etc/s6-linux-init/run-image/service/serial-getty/instance \
 	etc/s6-linux-init/run-image/service/serial-getty/instances \
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run
index 365e1697..83e97c65 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/dbus/run
@@ -4,7 +4,7 @@
 
 importas -i VM VM
 
-s6-ipcserver-socketbinder -B /run/vm/by-id/${VM}/portal-bus
+s6-ipcserver-socketbinder -B /run/portal-bus/${VM}
 
 fdmove -c 3 0
 redirfd -r 0 /dev/null
diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
index 57e893d3..9e493dff 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
@@ -4,7 +4,7 @@
 
 importas -i VM VM
 
-export DBUS_SESSION_BUS_ADDRESS unix:path=/run/vm/by-id/${VM}/portal-bus
+export DBUS_SESSION_BUS_ADDRESS unix:path=/run/portal-bus/${VM}
 
 if { mkdir -p /run/vsock/${VM} }
 s6-ipcserver-socketbinder -a 0700 /run/vsock/${VM}/vsock_219
-- 
2.51.0

    