muvm-guest: Support root and user init scripts

Introduce two scripts that can be placed in ~/.local/share/muvm - init.sh: Executed as root, before dropping privileges - user.sh: Executed as the user, after dropping privileges This makes it possible to add custom VM configuration and setup or debugging scripts without having to hack on the muvm code. Signed-off-by: Asahi Lina <lina@asahilina.net>
asahilina · Oct 15, 2024 · 7109741 · 7109741
1 parent 98e2563
commit 7109741
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 0 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/muvm/Cargo.toml b/crates/muvm/Cargo.toml
@@ -23,6 +23,7 @@ tempfile = { version = "3.10.1", default-features = false, features = [] }
 tokio = { version = "1.38.0", default-features = false, features = ["io-util", "macros", "net", "process", "rt-multi-thread", "sync"] }
 tokio-stream = { version = "0.1.15", default-features = false, features = ["net", "sync"] }
 uuid = { version = "1.10.0", default-features = false, features = ["std", "v7"] }
+xdg = "2.5.2"
 
 [features]
 default = []

diff --git a/crates/muvm/src/guest/bin/muvm-guest.rs b/crates/muvm/src/guest/bin/muvm-guest.rs
@@ -1,4 +1,5 @@
 use std::cmp;
+use std::env;
 use std::os::unix::process::CommandExt as _;
 use std::process::Command;
 
@@ -13,6 +14,7 @@ use muvm::guest::sommelier::exec_sommelier;
 use muvm::guest::user::setup_user;
 use muvm::guest::x11::setup_x11_forwarding;
 use muvm::utils::env::find_in_path;
+use nix::unistd::User;
 use rustix::process::{getrlimit, setrlimit, Resource};
 
 fn main() -> Result<()> {
@@ -40,6 +42,18 @@ fn main() -> Result<()> {
     }
     Command::new("/usr/lib/systemd/systemd-udevd").spawn()?;
 
+    let user = User::from_uid(options.uid)?.unwrap();
+
+    // Hack to fetch the XDG directories for our target user, before we
+    // change uid.
+    // SAFETY: Safe if and only if `muvm-guest` program is not multithreaded.
+    // See https://doc.rust-lang.org/std/env/fn.set_var.html#safety
+    env::set_var("HOME", user.dir);
+    let xdg_dirs = xdg::BaseDirectories::with_prefix("muvm")?;
+    // SAFETY: Safe if and only if `muvm-guest` program is not multithreaded.
+    // See https://doc.rust-lang.org/std/env/fn.set_var.html#safety
+    env::remove_var("HOME");
+
     setup_fex()?;
 
     configure_network()?;
@@ -50,6 +64,14 @@ fn main() -> Result<()> {
             .spawn()?;
     }
 
+    for init_file in xdg_dirs.find_data_files("init.sh") {
+        Command::new(init_file)
+            .arg(format!("{}", options.uid))
+            .arg(format!("{}", options.gid))
+            .status()
+            .context("Failed to execute init.sh")?;
+    }
+
     let run_path = match setup_user(options.username, options.uid, options.gid) {
         Ok(p) => p,
         Err(err) => return Err(err).context("Failed to set up user, bailing out"),
@@ -63,6 +85,13 @@ fn main() -> Result<()> {
 
     setup_x11_forwarding(run_path)?;
 
+    for init_file in xdg_dirs.find_data_files("user.sh") {
+        eprintln!("{:?}", init_file);
+        Command::new(init_file)
+            .status()
+            .context("Failed to execute user.sh")?;
+    }
+
     // Will not return if successful.
     exec_sommelier(&options.command, &options.command_args)
         .context("Failed to execute sommelier")?;