The session bus has to run as the same user as the application, because xdg-desktop-portal expects to be able to open the application's /proc/pid/root to check if it's a Flatpak. Signed-off-by: Alyssa Ross <hi@alyssa.is> --- img/app/image/etc/s6-rc/app/run | 13 ++++--------- img/app/image/etc/s6-rc/dbus-vsock/run | 2 ++ img/app/image/etc/s6-rc/dbus/run | 3 +++ 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/img/app/image/etc/s6-rc/app/run b/img/app/image/etc/s6-rc/app/run index 601926b..5ce5b3a 100755 --- a/img/app/image/etc/s6-rc/app/run +++ b/img/app/image/etc/s6-rc/app/run @@ -4,15 +4,8 @@ export TMPDIR /run -backtick USER { id -un } -backtick HOME { - importas -i user USER - homeof $user -} - -importas -i home HOME -if { mkdir -p -- $home } -cd $home +export HOME /home/user +cd /home/user if { /etc/mdev/wait virtiofs0 } @@ -22,6 +15,7 @@ foreground { case $type { appimage { if { modprobe fuse } + s6-setuidgid user export LD_LIBRARY_PATH /lib64 /run/virtiofs/virtiofs0/config/run } @@ -32,6 +26,7 @@ foreground { store /nix/store } + s6-setuidgid user /run/virtiofs/virtiofs0/config/run } } diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run index 37fae7d..4733bae 100755 --- a/img/app/image/etc/s6-rc/dbus-vsock/run +++ b/img/app/image/etc/s6-rc/dbus-vsock/run @@ -14,4 +14,6 @@ systemd-socket-activate -l vsock::219 --now if { fdmove 1 3 echo } fdclose 3 +s6-setuidgid user + socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus diff --git a/img/app/image/etc/s6-rc/dbus/run b/img/app/image/etc/s6-rc/dbus/run index a609e86..031d730 100644 --- a/img/app/image/etc/s6-rc/dbus/run +++ b/img/app/image/etc/s6-rc/dbus/run @@ -3,6 +3,9 @@ # SPDX-FileCopyrightText: 2023, 2025 Alyssa Ross <hi@alyssa.is> s6-ipcserver-socketbinder -Ba 0770 /run/session-bus +if { chown user: /run/session-bus } + +s6-setuidgid user export LISTEN_FDS 1 getpid LISTEN_PID -- 2.51.0