This will enable running D-Bus as a user that does not have access to VM directories.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
v2: add comment explaining --make-shared
v1: https://spectrum-os.org/lists/archives/spectrum-devel/20251210124757.1080443...
 host/rootfs/image/usr/bin/create-vm-dependencies | 8 ++++++--
 .../services/org.freedesktop.portal.Documents.service | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/host/rootfs/image/usr/bin/create-vm-dependencies b/host/rootfs/image/usr/bin/create-vm-dependencies
index 34dace4b..fc2bec7b 100755
--- a/host/rootfs/image/usr/bin/create-vm-dependencies
+++ b/host/rootfs/image/usr/bin/create-vm-dependencies
@@ -4,7 +4,7 @@ if {
 mkdir -p
- /run/vm/by-id/${1}/doc-run/doc
+ /run/doc/${1}/doc
 /run/vm/by-id/${1}/fs/config
 /run/vm/by-id/${1}/fs/doc
 /run/vm/by-id/${1}/ns
@@ -27,7 +27,11 @@ if {
 # can be writable block-based bind mounted subdirectories.
 if { mount --rbind -o nofail /run/vm/by-id/${1}/config/fs /run/vm/by-id/${1}/fs/config }
 if { mount --rbind -o ro /run/vm/by-id/${1}/fs /run/vm/by-id/${1}/fs }
- mount --rbind /run/vm/by-id/${1}/doc-run/doc /run/vm/by-id/${1}/fs/doc
+
+ # Needs to be shared so that when xdg-document-portal mounts its fuse
+ # filesystem at /run/doc/${1}/doc, it will propagate to /run/fs/${1}/doc.
+ if { mount --make-shared --rbind /run/doc/${1} /run/doc/${1} }
+ mount --rbind /run/doc/${1}/doc /run/vm/by-id/${1}/fs/doc
 }
 if { s6-instance-create /run/service/vm-services $1 }
diff --git a/host/rootfs/image/usr/share/dbus-1/services/org.freedesktop.portal.Documents.service b/host/rootfs/image/usr/share/dbus-1/services/org.freedesktop.portal.Documents.service
index f4dd53e3..be24f080 100644
--- a/host/rootfs/image/usr/share/dbus-1/services/org.freedesktop.portal.Documents.service
+++ b/host/rootfs/image/usr/share/dbus-1/services/org.freedesktop.portal.Documents.service
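Review bot: Nothing in the visible hunks sets the owner or mode of the new `/run/doc/${1}` tree, which the `mkdir -p` list creates with this script's own uid and umask. The service file in this patch points `XDG_RUNTIME_DIR` at `/run/doc/${VM}`, and the commit message says the aim is to run D-Bus as a user without access to the VM directories, so that user will need to own the directory (the XDG base-directory spec asks for mode 0700) and be able to mount on `/run/doc/${1}/doc`. If the ownership change is meant for a later patch, a comment above this `if { mkdir -p … }` block such as `# /run/doc/${1} lives outside /run/vm so the D-Bus user can be given access to it alone.` would record the intent. The block continues past the end of the hunk.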
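Review bot: The added comment names `/run/fs/${1}/doc` as the place the FUSE mount propagates to, but the bind mount directly below it targets `/run/vm/by-id/${1}/fs/doc`; the second comment line should read `# filesystem at /run/doc/${1}/doc, it will propagate to /run/vm/by-id/${1}/fs/doc.`. The comment could also say that a bind of a shared mount joins the same peer group, so mount events travel in both directions between `/run/doc/${1}/doc` and `/run/vm/by-id/${1}/fs/doc`. If only portal-to-VM propagation is wanted, following the last bind with `mount --make-rslave /run/vm/by-id/${1}/fs/doc` would narrow it to one direction, though whether anything can mount under the VM side is not visible here. The enclosing `if { … }` block starts outside the hunk.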
@@ -3,4 +3,4 @@ [D-BUS Service]
 Name=org.freedesktop.portal.Documents
-Exec=/bin/importas -Si VM export XDG_RUNTIME_DIR /run/vm/by-id/${VM}/doc-run xdg-document-portal
+Exec=/bin/importas -Si VM export XDG_RUNTIME_DIR /run/doc/${VM} xdg-document-portal
-- 
2.51.0