Create $XDG_RUNTIME_DIR in /run/user/{uid}

Using tempfile::Builder::tempdir() defaults to creating this directory
in /tmp, which is shared with the host and often somewhat persistent.
This causes one extra directory to be created in the host /tmp every
time muvm runs.

Since we mount /run as a tmpfs now in the guest now, just create
$XDG_RUNTIME_DIR in /run/user/{uid}, a common default. Specifically:

- Create /run/user as 0o755 (rwxr-xr-x) owned by root:root
- Create /run/user/{uid} as 0o700 (rwx------) owned by uid:gid

Signed-off-by: Vivian Wang <[email protected]>

Author: dramforever

crates/muvm/src/guest/user.rs

@@ -1,25 +1,28 @@
 use std::env;
-use std::fs::{self, Permissions};
-use std::os::unix::fs::{chown, PermissionsExt as _};
+use std::fs;
+use std::os::unix::fs::chown;
 use std::path::{Path, PathBuf};
 
 use crate::guest::hidpipe::UINPUT_PATH;
+use crate::utils::fs::mkdir_mode;
 use anyhow::{anyhow, Context, Result};
 use nix::sys::wait::{waitpid, WaitStatus};
 use nix::unistd::{fork, setresgid, setresuid, ForkResult, Gid, Uid, User};
 
 pub fn setup_user(uid: Uid, gid: Gid) -> Result<PathBuf> {
     setup_directories(uid, gid)?;
 
+    let path = PathBuf::from(format!("/run/user/{uid}"));
+
+    mkdir_mode(path.parent().unwrap(), 0o755)?;
+    mkdir_mode(&path, 0o700)?;
+
+    chown(&path, Some(uid.into()), Some(gid.into()))
+        .with_context(|| format!("Failed to chown {path:?}"))?;
+
     setresgid(gid, gid, Gid::from(0)).context("Failed to setgid")?;
     setresuid(uid, uid, Uid::from(0)).context("Failed to setuid")?;
 
-    let path = tempfile::Builder::new()
-        .prefix(&format!("muvm-run-{uid}-"))
-        .permissions(Permissions::from_mode(0o700))
-        .tempdir()
-        .context("Failed to create temp dir for `XDG_RUNTIME_DIR`")?
-        .into_path();
     // SAFETY: Safe if and only if `muvm-guest` program is not multithreaded.
     // See https://doc.rust-lang.org/std/env/fn.set_var.html#safety
     env::set_var("XDG_RUNTIME_DIR", &path);

crates/muvm/src/utils/fs.rs

@@ -1,5 +1,5 @@
 use std::fs;
-use std::os::unix::fs::PermissionsExt as _;
+use std::os::unix::fs::{DirBuilderExt as _, PermissionsExt as _};
 use std::path::{Path, PathBuf};
 
 use anyhow::{Context, Result};
@@ -25,3 +25,10 @@ where
 
     Ok(None)
 }
+
+pub fn mkdir_mode<P: AsRef<Path>>(path: P, mode: u32) -> Result<()> {
+    fs::DirBuilder::new()
+        .mode(mode)
+        .create(&path)
+        .with_context(|| format!("Failed to create {:?}", path.as_ref()))
+}