diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
index 9420001799e4..9488a4c56e28 100755
--- a/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
+++ b/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
@@ -10,26 +10,31 @@ if [ -f /etc/alpine-release ]; then
 rc-service qemu-binfmt stop --ifstarted
 fi
-mkdir -p /mnt/lima-rosetta
-
-#Check selinux is enabled by kernel
-if [ -d /sys/fs/selinux ]; then
- ##########################################################################################
- ## When using vz & virtiofs, initially container_file_t selinux label
- ## was considered which works perfectly for container work loads
- ## but it might break for other work loads if the process is running with
- ## different label. Also these are the remote mounts from the host machine,
- ## so keeping the label as nfs_t fits right. Package container-selinux by
- ## default adds rules for nfs_t context which allows container workloads to work as well.
- ## https://github.com/lima-vm/lima/pull/1965
- ##########################################################################################
- mount -t virtiofs vz-rosetta /mnt/lima-rosetta -o context="system_u:object_r:nfs_t:s0"
-else
- mount -t virtiofs vz-rosetta /mnt/lima-rosetta
+# Mount the rosetta volume for non cloud-init based images
+rosetta_interpreter=/mnt/lima-rosetta/rosetta
+if [ ! -f "$rosetta_interpreter" ]; then
+ rosetta_mountpoint=$(dirname "$rosetta_interpreter")
+ mkdir -p "$rosetta_mountpoint"
+
+ #Check selinux is enabled by kernel
+ if [ -d /sys/fs/selinux ]; then
+ ##########################################################################################
+ ## When using vz & virtiofs, initially container_file_t selinux label
+ ## was considered which works perfectly for container work loads
+ ## but it might break for other work loads if the process is running with
+ ## different label. Also these are the remote mounts from the host machine,
+ ## so keeping the label as nfs_t fits right. Package container-selinux by
+ ## default adds rules for nfs_t context which allows container workloads to work as well.
+ ## https://github.com/lima-vm/lima/pull/1965
+ ##########################################################################################
+ mount -t virtiofs vz-rosetta "$rosetta_mountpoint" -o context="system_u:object_r:nfs_t:s0"
+ else
+ mount -t virtiofs vz-rosetta "$rosetta_mountpoint"
+ fi
 fi
 if [ "$LIMA_CIDATA_ROSETTA_BINFMT" = "true" ]; then
- rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/mnt/lima-rosetta/rosetta:OCF"
+ rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:$rosetta_interpreter:OCF"
 # If rosetta is not registered in binfmt_misc, register it.
 [ -f /proc/sys/fs/binfmt_misc/rosetta ] || echo "$rosetta_binfmt" >/proc/sys/fs/binfmt_misc/register
diff --git a/pkg/cidata/cidata.TEMPLATE.d/user-data b/pkg/cidata/cidata.TEMPLATE.d/user-data
index 26060b0c1c09..f389c26a9af1 100644
--- a/pkg/cidata/cidata.TEMPLATE.d/user-data
+++ b/pkg/cidata/cidata.TEMPLATE.d/user-data
@@ -11,14 +11,18 @@ package_upgrade: true
 package_reboot_if_required: true
 {{- end }}
-{{- if or (eq .MountType "9p") (eq .MountType "virtiofs") }}
-{{- if .Mounts }}
+{{- if or .RosettaEnabled (or (eq .MountType "9p") (eq .MountType "virtiofs")) }}
 mounts:
- {{- range $m := $.Mounts}}
+ # Mount the rosetta volume before systemd-binfmt.service(8) starts
+ {{- if .RosettaEnabled }}
+- ["vz-rosetta", "/mnt/lima-rosetta", "virtiofs", "context=\"system_u:object_r:nfs_t:s0\""]
+ {{- end }}
+ {{- if .Mounts }}
+ {{- range $m := $.Mounts}}
 - [{{$m.Tag}}, {{$m.MountPoint}}, {{$m.Type}}, "{{$m.Options}}", "0", "0"]
+ {{- end }}
 {{- end }}
 {{- end }}
-{{- end }}
 {{- if .TimeZone }}
 timezone: {{.TimeZone}}
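Review bot: The new guard `if [ ! -f "$rosetta_interpreter" ]; then` tests for the interpreter binary rather than for the mount itself, so the two drift apart: if cloud-init already mounted /mnt/lima-rosetta but the host exposes no rosetta binary, the script stacks a second virtiofs mount on top, and if a stale file is left under that directory on the root disk, the mount is skipped altogether. Testing the mount directly is more precise, e.g. keep `rosetta_mountpoint=$(dirname "$rosetta_interpreter")` and change the guard to `if ! mountpoint -q "$rosetta_mountpoint"; then` (mountpoint(1) is provided by both busybox and util-linux). Neither `mount` call has its status checked, so on failure the script still registers `$rosetta_interpreter` with binfmt_misc a few lines below and every x86-64 exec would then fail on a missing interpreter; whether `set -e` already covers this depends on the script header, which is outside the hunk, so a guard like `[ -x "$rosetta_interpreter" ] || exit 0` before the registration block would make the behaviour explicit either way. The script continues past the end of the hunk.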
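Review bot: The added `vz-rosetta` mounts entry passes the SELinux `context=` option unconditionally, whereas the boot-script hunk in this same commit only adds that option when /sys/fs/selinux exists; on a guest kernel without SELinux the option may be rejected and the mount fail, and because the entry carries no `nofail`, a failed fstab mount at boot can hold up local-fs.target before the boot script ever gets a chance to mount the volume without the context option. Adding `nofail` (and the dump/pass fields, for consistency with the `$.Mounts` entries below) keeps boot progressing and leaves the boot script's own mount as the fallback: `- ["vz-rosetta", "/mnt/lima-rosetta", "virtiofs", "nofail,context=\"system_u:object_r:nfs_t:s0\"", "0", "0"]`. The nesting of `{{- if .RosettaEnabled }}`, `{{- if .Mounts }}` and `{{- range }}` now ends in three consecutive `{{- end }}` lines; a short marker on each, such as `{{- end }}{{/* range */}}`, would make which block each one closes readable at a glance.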