[PATCH 5/8] host/rootfs: create a per-VM user namespace

10 Dec 2025

The document portal has to be root to mount its fuse filesystem.  This
needs to be a shared namespace because virtiofsd needs to be in the
same mount namespace as the document portal so that it sees the fuse
filesystem, so we create a per-VM persistent user namespace.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 host/rootfs/image/usr/bin/create-vm-dependencies | 9 +++++++--
 host/rootfs/image/usr/bin/run-appimage           | 2 ++
 host/rootfs/image/usr/bin/run-flatpak            | 2 ++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/host/rootfs/image/usr/bin/create-vm-dependencies b/host/rootfs/image/usr/bin/create-vm-dependencies
index d4a10ab4..7ce19ed2 100755
--- a/host/rootfs/image/usr/bin/create-vm-dependencies
+++ b/host/rootfs/image/usr/bin/create-vm-dependencies
@@ -2,8 +2,9 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
 
-if { touch /run/vm/by-id/${1}/mount }
+if { touch /run/vm/by-id/${1}/mount /run/vm/by-id/${1}/user }
 if { mount --make-private --bind /run/vm/by-id/${1}/mount /run/vm/by-id/${1}/mount }
+if { mount --make-private --bind /run/vm/by-id/${1}/user /run/vm/by-id/${1}/user }
 
 if {
   mkdir -p
@@ -13,7 +14,11 @@ if {
 }
 
 if {
-  unshare --propagation=slave --mount=/run/vm/by-id/${1}/mount
+  unshare --propagation=slave
+    --map-users all
+    --map-groups all
+    --mount=/run/vm/by-id/${1}/mount
+    --user=/run/vm/by-id/${1}/user
 
   if { mount --make-shared --rbind /run/vm/by-id/${1} /run/vm/by-id/${1} }
 
diff --git a/host/rootfs/image/usr/bin/run-appimage b/host/rootfs/image/usr/bin/run-appimage
index 47cab4c5..5e8e29fa 100755
--- a/host/rootfs/image/usr/bin/run-appimage
+++ b/host/rootfs/image/usr/bin/run-appimage
@@ -44,4 +44,6 @@ if { s6-instance-delete /run/service/vm-services $id }
 
 if { umount ${dir}/mount } # mount namespace
 if { umount ${dir}/mount } # private bind mount
+if { umount ${dir}/user } # user namespace
+if { umount ${dir}/user } # private bind mount
 rm -r $dir /run/configs/${id}
diff --git a/host/rootfs/image/usr/bin/run-flatpak b/host/rootfs/image/usr/bin/run-flatpak
index bb366735..86ccc12a 100755
--- a/host/rootfs/image/usr/bin/run-flatpak
+++ b/host/rootfs/image/usr/bin/run-flatpak
@@ -46,4 +46,6 @@ if { s6-instance-delete -- /run/service/vm-services $id }
 
 if { umount ${dir}/mount } # mount namespace
 if { umount ${dir}/mount } # private bind mount
+if { umount ${dir}/user } # user namespace
+if { umount ${dir}/user } # private bind mount
 rm -r $dir /run/configs/${id}
-- 
2.51.0

    