From b48a10ad94c92175e9c0957d45b691763dc13f80 Mon Sep 17 00:00:00 2001
From: Adam Stolcenburg <adam_stolcenburg@comcast.com>
Date: Thu, 11 Dec 2025 18:58:40 +0100
Subject: [PATCH] Support running of apps without rw layer

Ref: #RDKEAPPRT-487
---
 bolt/README.md              |  4 ++-
 bolt/src/bolt.cjs           |  4 ++-
 bolt/src/config.cjs         |  1 +
 bolt/src/run.cjs            | 52 ++++++++++++++++++++++++++++++++++---
 bolt/src/runtime-config.cjs |  1 -
 5 files changed, 56 insertions(+), 6 deletions(-)

diff --git a/bolt/README.md b/bolt/README.md
index 75c4dcb..70a7d8e 100644
--- a/bolt/README.md
+++ b/bolt/README.md
@@ -45,10 +45,12 @@ Usage:
   bolt push <remote> <package-name>
       Copy a bolt package to a remote device via SSH
 
-  bolt run <remote> <package-name>
+  bolt run <remote> <package-name> [option]
       Execute a bolt package on a remote device
       --develop              Run with elevated privileges to simplify debugging
       --clear-storage        Clear persistent storage before running the package
+      --rw-overlay=<true/false>
+          Enable/disable read/write layer over the package rootfs
       --uid=<uid>            Run with the specified user ID
       --gid=<gid>            Run with the specified group ID
       --userns=<true/false>  Enable/disable user namespace
diff --git a/bolt/src/bolt.cjs b/bolt/src/bolt.cjs
index 08acb33..26d6c2d 100644
--- a/bolt/src/bolt.cjs
+++ b/bolt/src/bolt.cjs
@@ -45,10 +45,12 @@ Usage:
   bolt push <remote> <package-name>
       Copy a bolt package to a remote device via SSH
 
-  bolt run <remote> <package-name>
+  bolt run <remote> <package-name> [option]
       Execute a bolt package on a remote device
       --develop              Run with elevated privileges to simplify debugging
       --clear-storage        Clear persistent storage before running the package
+      --rw-overlay=<true/false>
+          Enable/disable read/write layer over the package rootfs
       --uid=<uid>            Run with the specified user ID
       --gid=<gid>            Run with the specified group ID
       --userns=<true/false>  Enable/disable user namespace
diff --git a/bolt/src/config.cjs b/bolt/src/config.cjs
index 9a8e6ea..75b26c1 100644
--- a/bolt/src/config.cjs
+++ b/bolt/src/config.cjs
@@ -27,3 +27,4 @@ exports.AI2_MANAGERS_ENABLED_FILE = "/opt/ai2managers";
 // select random UID and GID (34567) to avoid conflicts with existing users/groups
 exports.DEFAULT_UID = 34567;
 exports.DEFAULT_GID = 34567;
+exports.PROCESS_HOME_DIR = "/home";
diff --git a/bolt/src/run.cjs b/bolt/src/run.cjs
index 022aef8..01b9b00 100644
--- a/bolt/src/run.cjs
+++ b/bolt/src/run.cjs
@@ -169,6 +169,9 @@ function setupResources(remote, pkg) {
 function prepareBundle(remote, pkg, bundleConfig, layers, options) {
   const bundleDir = remote.getPkgBundleDir(pkg);
   const bundleRootfsDir = bundleDir + "/rootfs";
+  const rwOverlay = options.rwOverlay ?? true;
+  let upperDirMount = "";
+  let rwDirs;
 
   if (remote.isMounted(bundleRootfsDir)) {
     remote.unmount(bundleRootfsDir);
@@ -178,10 +181,31 @@ function prepareBundle(remote, pkg, bundleConfig, layers, options) {
     remote.rmdir(`${bundleDir}`);
   }
 
-  remote.mkdir(`${bundleRootfsDir} ${bundleDir}/rw/{upper,work}`);
-  remote.exec(`chmod 777 ${bundleDir}/rw/{upper,work}`);
+  bundleConfig.process.env.push('HOME=' + config.PROCESS_HOME_DIR);
 
-  remote.exec(`mount -t overlay overlay -o lowerdir=${layers.join(":")},upperdir=${bundleDir}/rw/upper,workdir=${bundleDir}/rw/work ${bundleRootfsDir}`);
+  if (rwOverlay) {
+    rwDirs = `${bundleDir}/rw/work ${bundleDir}/rw/upper${config.PROCESS_HOME_DIR}`;
+    upperDirMount = `,upperdir=${bundleDir}/rw/upper,workdir=${bundleDir}/rw/work`;
+  } else {
+    rwDirs = `${bundleDir}${config.PROCESS_HOME_DIR}`;
+    bundleConfig.mounts.push({
+      source: rwDirs,
+      destination: config.PROCESS_HOME_DIR,
+      type: "bind",
+      options: [
+        "rbind",
+        "nosuid",
+        "nodev",
+        "rw"
+      ]
+    });
+  }
+
+  remote.mkdir(`${bundleRootfsDir} ${rwDirs}`);
+  remote.exec(`chown ${bundleConfig.process.user.uid}:${bundleConfig.process.user.gid} ${rwDirs}`);
+  remote.exec(`chmod 700 ${rwDirs}`);
+
+  remote.exec(`mount -t overlay overlay -o lowerdir=${layers.join(":")}${upperDirMount} ${bundleRootfsDir}`);
   remote.storeObject(`${bundleDir}/config.json`, bundleConfig);
 }
 
@@ -389,4 +413,26 @@ exports.runOptions = {
     }
     return false;
   },
+
+  "rw-overlay"(params, result) {
+    const paramValue = params.options["rw-overlay"];
+    let rwOverlay;
+
+    switch (paramValue) {
+      case "true":
+        rwOverlay = true;
+        break;
+      case "false":
+        rwOverlay = false;
+        break;
+      default:
+        return false;
+    }
+
+    Object.assign(result, {
+      rwOverlay,
+    });
+
+    return true;
+  },
 };
diff --git a/bolt/src/runtime-config.cjs b/bolt/src/runtime-config.cjs
index 8d106bc..bc0dcdb 100644
--- a/bolt/src/runtime-config.cjs
+++ b/bolt/src/runtime-config.cjs
@@ -32,7 +32,6 @@ const template = {
     "env": [
       "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
       "TERM=xterm",
-      "HOME=/home/root",
     ],
     "cwd": "/",
     "capabilities": {