12 Dec
2025
12 Dec
'25
6:02 p.m.
On 12/11/25 11:21, Alyssa Ross wrote:
The document portal has to be root to mount its fuse filesystem. This needs to be a shared namespace because virtiofsd needs to be in the same mount namespace as the document portal so that it sees the fuse filesystem, so we create a per-VM persistent user namespace.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
I think it would be cleanest to have a per-VM supervisor process that spawns each process in the correct namespace. This avoids having to manually unmount anything. This is definitely out of scope for now, though. Since a per-VM supervisor is needed for cgroup support, I think this should wait until cgroup support is done. -- Sincerely, Demi Marie Obenour (she/her/hers)