From bbee225016761a0831927b910a151d3cec4a572c Mon Sep 17 00:00:00 2001
From: Sebastian Munoz
Date: Thu, 12 Mar 2026 20:44:43 -0400
Subject: [PATCH 1/2] Copying the binary to a temporary directory before calling it as the User
---
 run.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/run.sh b/run.sh
index 27ac8a1..013122f 100755
--- a/run.sh
+++ b/run.sh
@@ -12,12 +12,14 @@ if [ "$(uname)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
 CONSOLE_USER=$(stat -f '%Su' /dev/console)
 if [ -n "$CONSOLE_USER" ] && [ "$CONSOLE_USER" != "root" ]; then
- # Transfer ownership to console user so they can access binary
- chown -R "$CONSOLE_USER" "$SCRIPT_DIR"
- chown "$CONSOLE_USER" "$SCRIPT_DIR/.."
+ # Copy binary to /tmp so the console user can traverse the path.
+ # The module may be installed under /var/root/ (drwx------), which
+ # the console user cannot traverse even if they own the binary.
+ TMPBIN=$(mktemp /tmp/audio-module-XXXXXX)
+ cp "$MODULE_BIN" "$TMPBIN"
+ chmod 755 "$TMPBIN"
- exec sudo -u "$CONSOLE_USER" "$MODULE_BIN" "$@"
- echo "run.sh: running as $CONSOLE_USER"
+ exec sudo -u "$CONSOLE_USER" "$TMPBIN" "$@"
 else
 echo "run.sh: WARNING: Running as root on macOS. Microphone component will not work due to TCC restrictions." >&2
 fi
From 6fbaa23e1c9d86c623416f3a4134c6d7729c9f67 Mon Sep 17 00:00:00 2001
From: Sebastian Munoz
Date: Fri, 13 Mar 2026 16:57:50 -0400
Subject: [PATCH 2/2] Copying the binary file to a unique place, instead of one per instance, this avoids the risk of filling the dist on a viam restart loop
---
 run.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/run.sh b/run.sh
index 013122f..e8846fa 100755
--- a/run.sh
+++ b/run.sh
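Review bot: In the [PATCH 1/2] hunk, nothing checks that `mktemp`, `cp` or `chmod` succeeded before the `exec sudo -u "$CONSOLE_USER" "$TMPBIN" "$@"` line, so a failed copy (full disk, unreadable `$MODULE_BIN`) still hands the console user an empty or truncated file to run, unless `set -e` is enabled earlier in run.sh, which the hunk does not show. I would guard each step, for example `TMPBIN=$(mktemp /tmp/audio-module-XXXXXX) || exit 1` and `cp "$MODULE_BIN" "$TMPBIN" && chmod 755 "$TMPBIN" || exit 1`. The same unchecked `cp` and `chmod` lines remain as context in the [PATCH 2/2] hunk. The surrounding `if` block starts and ends outside the hunk.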
@@ -15,7 +15,10 @@ if [ "$(uname)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
 # Copy binary to /tmp so the console user can traverse the path.
 # The module may be installed under /var/root/ (drwx------), which
 # the console user cannot traverse even if they own the binary.
- TMPBIN=$(mktemp /tmp/audio-module-XXXXXX)
+ # Use VIAM_MACHINE_PART_ID for a stable path across restarts (avoids
+ # accumulation in restart loops) that is still unique per robot instance.
+ # If VIAM_MACHINE_PART_ID is not set, the TMPBIN will be /tmp/viam-audio-module-default
+ TMPBIN="/tmp/viam-audio-module-${VIAM_MACHINE_PART_ID:-default}"
 cp "$MODULE_BIN" "$TMPBIN"
 chmod 755 "$TMPBIN"
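Review bot: The new `TMPBIN="/tmp/viam-audio-module-${VIAM_MACHINE_PART_ID:-default}"` line makes root write to a predictable name in a world-writable directory, which gives up the protection `mktemp` provided in the previous commit. Another local account can create that path first, either as a symlink, so the root `cp` follows it and overwrites the link target, or as a file it owns, so the contents that `exec sudo -u "$CONSOLE_USER"` later runs are under that account's control. The stable name can stay, but it should live in a root-owned directory that other users cannot write, be filled through a `mktemp` file in that same directory, and be moved into place with `mv -f` so the final path is replaced rather than written through. The part ID should also be rejected if it contains `/`, and the `default` fallback is shared by every instance that lacks the variable, so those instances overwrite each other's copy. The enclosing `if` block and the `exec` line are outside this hunk.

```shell
# … unchanged: comment explaining why the binary is copied …
# STAGE_DIR is a placeholder: a root-owned directory, not writable by other
# users, that the console user can traverse.
STAGE_DIR="<root-owned-staging-dir>"
case "${VIAM_MACHINE_PART_ID:-default}" in
  */*) echo "run.sh: invalid VIAM_MACHINE_PART_ID" >&2; exit 1 ;;
esac
TMPBIN="$STAGE_DIR/viam-audio-module-${VIAM_MACHINE_PART_ID:-default}"
STAGING=$(mktemp "$STAGE_DIR/.viam-audio-module-XXXXXX") || exit 1
if ! cp "$MODULE_BIN" "$STAGING" || ! chmod 755 "$STAGING" || ! mv -f "$STAGING" "$TMPBIN"; then
  rm -f "$STAGING"
  exit 1
fi
```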