lima-vm
GitHub Repository: lima-vm/lima
Path: blob/master/pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh
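#!/bin/bash

# SPDX-FileCopyrightText: Copyright The Lima Authors
# SPDX-License-Identifier: Apache-2.0

# Boot script for guests that run with vmType "vz" and mountType "virtiofs".
# When SELinux is present in the guest kernel, it adds an explicit SELinux
# "context=" mount option to the virtiofs entries in /etc/fstab and remounts
# every share that is not already mounted with the expected label.
#
# Reads:  LIMA_CIDATA_VMTYPE, LIMA_CIDATA_MOUNTTYPE (both must be set, because
#         "set -u" is active)
# Writes: /etc/fstab (edited in place), the mount table, and
#         /proc/sys/fs/binfmt_misc/rosetta when a Rosetta share is relabelled.

set -eux -o pipefail

# Nothing to do unless the VM type is vz and the mount type is virtiofs.
if ! [[ ${LIMA_CIDATA_VMTYPE} == "vz" && ${LIMA_CIDATA_MOUNTTYPE} == "virtiofs" ]]; then
	exit 0
fi

# Update fstab entries and unmount/remount the volumes with secontext options
# when selinux is enabled in kernel
if [ -d /sys/fs/selinux ]; then
	LABEL_BIN="system_u:object_r:bin_t:s0"
	LABEL_NFS="system_u:object_r:nfs_t:s0"
	# Select entries by their filesystem-type field (column 3) and skip comment
	# lines. A plain substring search for "virtiofs" would also pick up commented
	# entries and entries of another type whose path merely contains the word,
	# and those would then be remounted as virtiofs below.
	# awk prints bare line numbers, so word splitting of the result is safe.
	# shellcheck disable=SC2013
	for line in $(awk '$1 !~ /^#/ && $3 == "virtiofs" {print NR}' /etc/fstab); do
		OPTIONS=$(awk -v line="$line" 'NR==line {print $4}' /etc/fstab)
		TAG=$(awk -v line="$line" 'NR==line {print $1}' /etc/fstab)
		# Look the tag up by exact match on the source column of the mount table.
		# An unanchored "grep TAG" treats the tag as a regex, matches it anywhere
		# on the line (mount0 also hits mount01, or a path containing the tag), and
		# under "set -e -o pipefail" aborts the whole script without a message when
		# the share is not mounted. Empty output here means "not mounted".
		MOUNT_OPTIONS=$(mount | awk -v tag="${TAG}" '$1 == tag {print $6}')
		if [[ ${OPTIONS} != *"context"* ]]; then
			##########################################################################################
			## When using vz & virtiofs, initially container_file_t selinux label
			## was considered which works perfectly for container work loads
			## but it might break for other work loads if the process is running with
			## different label. Also these are the remote mounts from the host machine,
			## so keeping the label as nfs_t fits right. Package container-selinux by
			## default adds rules for nfs_t context which allows container workloads to work as well.
			## https://github.com/lima-vm/lima/pull/1965
			##
			## With integration[https://github.com/lima-vm/lima/pull/2474] with systemd-binfmt,
			## the existing "nfs_t" selinux label for Rosetta is causing issues while registering it.
			## This behaviour needs to be fixed by setting the label as "bin_t"
			## https://github.com/lima-vm/lima/pull/2630
			##########################################################################################
			if [[ ${TAG} == *"rosetta"* ]]; then
				label=${LABEL_BIN}
			else
				label=${LABEL_NFS}
			fi
			# Append the context option to this fstab line only.
			# NOTE(review): the substitution keys on "comment=cloudconfig"; an entry
			# without that option is left unlabelled in fstab and is still remounted
			# below with its unchanged options. Confirm every virtiofs entry carries it.
			sed -i -e "${line}s/comment=cloudconfig/comment=cloudconfig,context=\"$label\"/g" /etc/fstab
			if [[ ${MOUNT_OPTIONS} != *"$label"* ]]; then
				# Re-read the entry so the remount uses the options sed just wrote.
				MOUNT_POINT=$(awk -v line="$line" 'NR==line {print $2}' /etc/fstab)
				OPTIONS=$(awk -v line="$line" 'NR==line {print $4}' /etc/fstab)

				#########################################################
				## We need to migrate existing users of Fedora having
				## Rosetta mounted from nfs_t to bin_t by unregistering
				## it from binfmt before remounting
				#########################################################
				if [[ ${TAG} == *"rosetta"* && ${MOUNT_OPTIONS} == *"${LABEL_NFS}"* ]]; then
					[ ! -f "/proc/sys/fs/binfmt_misc/rosetta" ] || echo -1 >/proc/sys/fs/binfmt_misc/rosetta
				fi
				# Unmount only what is actually mounted; umount on an absent share
				# fails and would abort the script before the labelled mount is made.
				if [[ -n ${MOUNT_OPTIONS} ]]; then
					umount "${TAG}"
				fi
				mount -t virtiofs "${TAG}" "${MOUNT_POINT}" -o "${OPTIONS}"
			fi
		fi
	done
fi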