Mount the rosetta volume in user-data

After creating the `binfmt.d(5)` configuration for Rosetta, `systemd-binfmt.service(8)` attempts to register at an earlier stage in subsequent boots. To prevent errors from not finding the Rosetta interpreter, `user-data` is used to mount the Rosetta volume earlier.

Signed-off-by: Norio Nomura <[email protected]>

pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh

@@ -10,26 +10,31 @@ if [ -f /etc/alpine-release ]; then
 	rc-service qemu-binfmt stop --ifstarted
 fi
 
-mkdir -p /mnt/lima-rosetta
-
-#Check selinux is enabled by kernel
-if [ -d /sys/fs/selinux ]; then
-	##########################################################################################
-	## When using vz & virtiofs, initially container_file_t selinux label
-	## was considered which works perfectly for container work loads
-	## but it might break for other work loads if the process is running with
-	## different label. Also these are the remote mounts from the host machine,
-	## so keeping the label as nfs_t fits right. Package container-selinux by
-	## default adds rules for nfs_t context which allows container workloads to work as well.
-	## https://github.com/lima-vm/lima/pull/1965
-	##########################################################################################
-	mount -t virtiofs vz-rosetta /mnt/lima-rosetta -o context="system_u:object_r:nfs_t:s0"
-else
-	mount -t virtiofs vz-rosetta /mnt/lima-rosetta
+# Mount the rosetta volume for non cloud-init based images
+rosetta_interpreter=/mnt/lima-rosetta/rosetta
+if [ ! -f "$rosetta_interpreter" ]; then
+	rosetta_mountpoint=$(dirname "$rosetta_interpreter")
+	mkdir -p "$rosetta_mountpoint"
+
+	#Check selinux is enabled by kernel
+	if [ -d /sys/fs/selinux ]; then
+		##########################################################################################
+		## When using vz & virtiofs, initially container_file_t selinux label
+		## was considered which works perfectly for container work loads
+		## but it might break for other work loads if the process is running with
+		## different label. Also these are the remote mounts from the host machine,
+		## so keeping the label as nfs_t fits right. Package container-selinux by
+		## default adds rules for nfs_t context which allows container workloads to work as well.
+		## https://github.com/lima-vm/lima/pull/1965
+		##########################################################################################
+		mount -t virtiofs vz-rosetta "$rosetta_mountpoint" -o context="system_u:object_r:nfs_t:s0"
+	else
+		mount -t virtiofs vz-rosetta "$rosetta_mountpoint"
+	fi
 fi
 
 if [ "$LIMA_CIDATA_ROSETTA_BINFMT" = "true" ]; then
-	rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/mnt/lima-rosetta/rosetta:OCF"
+	rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:$rosetta_interpreter:OCF"
 
 	# If rosetta is not registered in binfmt_misc, register it.
 	[ -f /proc/sys/fs/binfmt_misc/rosetta ] || echo "$rosetta_binfmt" >/proc/sys/fs/binfmt_misc/register

pkg/cidata/cidata.TEMPLATE.d/user-data

@@ -11,14 +11,18 @@ package_upgrade: true
 package_reboot_if_required: true
 {{- end }}
 
-{{- if or (eq .MountType "9p") (eq .MountType "virtiofs") }}
-{{- if .Mounts }}
+{{- if or .RosettaEnabled (or (eq .MountType "9p") (eq .MountType "virtiofs")) }}
 mounts:
-  {{- range $m := $.Mounts}}
+  # Mount the rosetta volume before systemd-binfmt.service(8) starts
+  {{- if .RosettaEnabled }}
+- ["vz-rosetta", "/mnt/lima-rosetta", "virtiofs", "context=\"system_u:object_r:nfs_t:s0\""]
+  {{- end }}
+  {{- if .Mounts }}
+    {{- range $m := $.Mounts}}
 - [{{$m.Tag}}, {{$m.MountPoint}}, {{$m.Type}}, "{{$m.Options}}", "0", "0"]
+    {{- end }}
   {{- end }}
 {{- end }}
-{{- end }}
 
 {{- if .TimeZone }}
 timezone: {{.TimeZone}}