This will allow xdg-desktop-portal-spectrum-host to be run as a user without access to the VM directory.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 .../template/data/service/xdg-desktop-portal-spectrum-host/run | 3 ++-
 tools/start-vmm/lib.rs | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
index d2bf78ce..57e893d3 100755
--- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
+++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/xdg-desktop-portal-spectrum-host/run
@@ -6,7 +6,8 @@ importas -i VM VM
 export DBUS_SESSION_BUS_ADDRESS unix:path=/run/vm/by-id/${VM}/portal-bus
-s6-ipcserver-socketbinder -a 0700 /run/vm/by-id/${VM}/vsock_219
+if { mkdir -p /run/vsock/${VM} }
+s6-ipcserver-socketbinder -a 0700 /run/vsock/${VM}/vsock_219
 # Notify readiness.
 if { fdmove 1 3 echo }
diff --git a/tools/start-vmm/lib.rs b/tools/start-vmm/lib.rs
index b44e0375..52c96c5e 100644
--- a/tools/start-vmm/lib.rs
+++ b/tools/start-vmm/lib.rs
@@ -154,7 +154,7 @@ pub fn vm_config(vm_dir: &Path) -> Result<VmConfig, String> {
 },
 vsock: VsockConfig {
 cid: 3,
- socket: vm_dir.join("vsock").into_os_string().into_string().unwrap(),
+ socket: format!("/run/vsock/{vm_name}/vsock"),
 },
 landlock_enable: true,
 landlock_rules: vec![
-- 
2.51.0
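Review bot: `mkdir -p /run/vsock/${VM}` leaves the mode and ownership of both `/run/vsock` and the per-VM directory to the umask and identity of whichever process creates them first; only the socket gets an explicit mode (`-a 0700`). Since the stated goal is to run this service as a user with less access, the directory permissions decide who may bind or replace `vsock_219`. If any other account can write there, guest portal traffic could reach the wrong listener. I would make the mode explicit, e.g. `if { mkdir -p -m 0700 /run/vsock/${VM} }`, relaxed only as far as needed if the VMM runs under a different uid and must create its own `vsock` socket in the same directory. I would also have `/run/vsock` created root-owned at boot rather than implicitly by `-p`; who owns it is not visible in this hunk.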
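Review bot: `vm_name` is interpolated into an absolute path in `socket: format!("/run/vsock/{vm_name}/vsock")` with no visible check that it is a single path component. Its derivation is outside the hunk, so if it can ever contain `/` or be `..`, the socket would land outside `/run/vsock`; a check or a comment stating the invariant where it is computed would settle this. The `/run/vsock` prefix is now hard-coded both here and in the portal host run script, which binds `/run/vsock/${VM}/vsock_219`, and the two only meet if `vm_name` equals `${VM}`. A comment such as `// Must match the directory used by the xdg-desktop-portal-spectrum-host run script, which binds <socket>_219.` would record that coupling. The Landlock rules that follow are cut off by the hunk, so please confirm the VMM is still permitted to create its socket at the new location.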