From 67a716d928c781b744eee9b6bf951c96afcbc8df Mon Sep 17 00:00:00 2001 From: Norio Nomura Date: Thu, 11 Jul 2024 19:14:01 +0900 Subject: [PATCH] Remove mounting vz-rosetta from 05-rosetta-volume.sh Since the mount option workaround for selinux to vz-rosetta will be covered in 05-lima-mounts.sh. Signed-off-by: Norio Nomura
---
.../boot/05-rosetta-volume.sh | 25 +------------------ pkg/cidata/cidata.TEMPLATE.d/user-data | 2 +- 2 files changed, 2 insertions(+), 25 deletions(-)
diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
index 9488a4c56e28..bb8369bf4450 100755
--- a/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
+++ b/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
@@ -10,31 +10,8 @@ if [ -f /etc/alpine-release ]; then rc-service qemu-binfmt stop --ifstarted fi -# Mount the rosetta volume for non cloud-init based images -rosetta_interpreter=/mnt/lima-rosetta/rosetta -if [ ! -f "$rosetta_interpreter" ]; then - rosetta_mountpoint=$(dirname "$rosetta_interpreter") - mkdir -p "$rosetta_mountpoint" - - #Check selinux is enabled by kernel - if [ -d /sys/fs/selinux ]; then - ########################################################################################## - ## When using vz & virtiofs, initially container_file_t selinux label - ## was considered which works perfectly for container work loads - ## but it might break for other work loads if the process is running with - ## different label. Also these are the remote mounts from the host machine, - ## so keeping the label as nfs_t fits right. Package container-selinux by - ## default adds rules for nfs_t context which allows container workloads to work as well. - ## https://github.com/lima-vm/lima/pull/1965 - ########################################################################################## - mount -t virtiofs vz-rosetta "$rosetta_mountpoint" -o context="system_u:object_r:nfs_t:s0" - else - mount -t virtiofs vz-rosetta "$rosetta_mountpoint" - fi -fi - if [ "$LIMA_CIDATA_ROSETTA_BINFMT" = "true" ]; then - rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:$rosetta_interpreter:OCF" + rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/mnt/lima-rosetta/rosetta:OCF" # If rosetta is not registered in binfmt_misc, register it. [ -f /proc/sys/fs/binfmt_misc/rosetta ] || echo "$rosetta_binfmt" >/proc/sys/fs/binfmt_misc/register 
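Review bot: The binfmt registration on the new `rosetta_binfmt=` line now assumes /mnt/lima-rosetta/rosetta was already mounted by something else, because the removed block was the only place in this script that checked for the interpreter and mounted vz-rosetta itself; whether 05-lima-mounts.sh always runs first is not visible in this diff. The `F` flag in `OCF` makes the kernel open that path at the moment the entry is written, and `C` takes credentials from the executed binary, so whatever file sits at the path then becomes the handler for every x86_64 ELF, setuid ones included. A guard ahead of the `echo "$rosetta_binfmt" >/proc/sys/fs/binfmt_misc/register` line, such as `mountpoint -q /mnt/lima-rosetta || { echo "vz-rosetta is not mounted" >&2; exit 1; }`, would turn a missing or failed mount into an explicit error instead of a registration against the wrong file or a bare write failure. The enclosing `if` block closes outside this hunk.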
diff --git a/pkg/cidata/cidata.TEMPLATE.d/user-data b/pkg/cidata/cidata.TEMPLATE.d/user-data
index de494d814cf5..32995307a878 100644
--- a/pkg/cidata/cidata.TEMPLATE.d/user-data
+++ b/pkg/cidata/cidata.TEMPLATE.d/user-data
@@ -14,7 +14,7 @@ package_reboot_if_required: true
 {{- if or .RosettaEnabled (or (eq .MountType "9p") (eq .MountType "virtiofs")) }}
 mounts:
 {{- if .RosettaEnabled }}{{/* Mount the rosetta volume before systemd-binfmt.service(8) starts */}}
-- ["vz-rosetta", "/mnt/lima-rosetta", "virtiofs", "context=\"system_u:object_r:nfs_t:s0\""]
+- [vz-rosetta, /mnt/lima-rosetta, virtiofs]
 {{- end }}
 {{- if .Mounts }}
 {{- range $m := $.Mounts}}
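Review bot: Dropping the `context=` option from the `vz-rosetta` entry leaves nothing in this template that says where the SELinux label for /mnt/lima-rosetta is applied; the commit message names 05-lima-mounts.sh, but that change is not part of this diff. On an SELinux-enabled guest cloud-init now mounts the volume without an explicit label, so it is worth confirming that 05-lima-mounts.sh re-labels an already mounted vz-rosetta rather than skipping it as present. I would extend the existing template comment to record the dependency, e.g. `{{/* Mount the rosetta volume before systemd-binfmt.service(8) starts; the SELinux context is applied by boot/05-lima-mounts.sh */}}`. With only three fields given, the mount options also fall back to cloud-init's defaults instead of the single explicit option the old entry carried, which deserves a quick check on the affected images.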