From c421925efce456642e44cf3149043300878cdf6f Mon Sep 17 00:00:00 2001 From: Vivian Wang Date: Sun, 26 Oct 2025 02:44:20 +0800 Subject: [PATCH] Create $XDG_RUNTIME_DIR in /run/user/{uid} Using tempfile::Builder::tempdir() defaults to creating this directory in /tmp, which is shared with the host and often somewhat persistent. This causes one extra directory to be created in the host /tmp every time muvm runs. Since we mount /run as a tmpfs now in the guest now, just create $XDG_RUNTIME_DIR in /run/user/{uid}, a common default. Specifically: - Create /run/user as 0o755 (rwxr-xr-x) owned by root:root - Create /run/user/{uid} as 0o700 (rwx------) owned by uid:gid Signed-off-by: Vivian Wang --- crates/muvm/src/guest/user.rs | 19 +++++++++++-------- crates/muvm/src/utils/fs.rs | 9 ++++++++- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/crates/muvm/src/guest/user.rs b/crates/muvm/src/guest/user.rs index 798f69ea..506e0fbc 100644 --- a/crates/muvm/src/guest/user.rs +++ b/crates/muvm/src/guest/user.rs @@ -1,9 +1,10 @@ use std::env; -use std::fs::{self, Permissions}; -use std::os::unix::fs::{chown, PermissionsExt as _}; +use std::fs; +use std::os::unix::fs::chown; use std::path::{Path, PathBuf}; use crate::guest::hidpipe::UINPUT_PATH; +use crate::utils::fs::mkdir_mode; use anyhow::{anyhow, Context, Result}; use nix::sys::wait::{waitpid, WaitStatus}; use nix::unistd::{fork, setresgid, setresuid, ForkResult, Gid, Uid, User}; 
@@ -11,15 +12,17 @@ use nix::unistd::{fork, setresgid, setresuid, ForkResult, Gid, Uid, User}; pub fn setup_user(uid: Uid, gid: Gid) -> Result { setup_directories(uid, gid)?; + let path = PathBuf::from(format!("/run/user/{uid}")); + + mkdir_mode(path.parent().unwrap(), 0o755)?; + mkdir_mode(&path, 0o700)?; + + chown(&path, Some(uid.into()), Some(gid.into())) + .with_context(|| format!("Failed to chown {path:?}"))?; + setresgid(gid, gid, Gid::from(0)).context("Failed to setgid")?; setresuid(uid, uid, Uid::from(0)).context("Failed to setuid")?; - let path = tempfile::Builder::new() - .prefix(&format!("muvm-run-{uid}-")) - .permissions(Permissions::from_mode(0o700)) - .tempdir() - .context("Failed to create temp dir for `XDG_RUNTIME_DIR`")? - .into_path(); // SAFETY: Safe if and only if `muvm-guest` program is not multithreaded. // See https://doc.rust-lang.org/std/env/fn.set_var.html#safety env::set_var("XDG_RUNTIME_DIR", &path); diff --git a/crates/muvm/src/utils/fs.rs b/crates/muvm/src/utils/fs.rs index 4b1147d1..07d58c7b 100644 --- a/crates/muvm/src/utils/fs.rs +++ b/crates/muvm/src/utils/fs.rs @@ -1,5 +1,5 @@ use std::fs; -use std::os::unix::fs::PermissionsExt as _; +use std::os::unix::fs::{DirBuilderExt as _, PermissionsExt as _}; use std::path::{Path, PathBuf}; use anyhow::{Context, Result}; @@ -25,3 +25,10 @@ where Ok(None) } + +pub fn mkdir_mode>(path: P, mode: u32) -> Result<()> { + fs::DirBuilder::new() + .mode(mode) + .create(&path) + .with_context(|| format!("Failed to create {:?}", path.as_ref())) +}
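Review bot: Both `mkdir_mode` calls in `setup_user` create non-recursively, so they fail if `/run/user` or `/run/user/{uid}` already exists, and nothing in the hunk says whether that is intended. Failing is the safer behaviour, because the following `chown` (which follows symlinks) then only ever acts on a directory this process has just created as root; a comment above the calls such as `// Fail if the path already exists: never chown or reuse a directory we did not just create.` would record that. If this is later relaxed to tolerate `AlreadyExists`, the existing entry should be checked to be a real directory owned by `uid` with mode 0700 before it is exported as `XDG_RUNTIME_DIR`. A second comment should say that the creation and `chown` must stay ahead of `setresgid`/`setresuid`, since they need root. The body of `setup_user` continues past the end of the hunk.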
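Review bot: The `mode` passed to `DirBuilder::mode` in `mkdir_mode` is filtered through the process umask, as with mkdir(2), so the 0o755 and 0o700 stated in the commit message are upper bounds rather than guaranteed permissions. With a restrictive umask, `/run/user` could end up untraversable for the user once privileges are dropped; the umask in effect in the guest is not visible here, so this is worth confirming. Either document it on the function, e.g. `/// Creates one directory (non-recursive; fails if it exists). The mode is subject to the umask.`, or make the mode exact by following the create with `fs::set_permissions(&path, fs::Permissions::from_mode(mode))`, which needs only the `PermissionsExt` import the file already has.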