summaryrefslogtreecommitdiff
path: root/pkg/machine/qemu/machine.go
diff options
context:
space:
mode:
authorCorey Hickey <chickey@tagged.com>2022-07-01 09:58:53 -0700
committerCorey Hickey <chickey@tagged.com>2022-07-06 16:07:56 -0700
commit03ee8204d394da467e991b9ec62581b80fc6c2fb (patch)
tree2123ff17cd2c2712ddcfd10045afe2f82ee1945f /pkg/machine/qemu/machine.go
parentb00e65aa9c071428579a55f91a92f3702765ed85 (diff)
downloadpodman-03ee8204d394da467e991b9ec62581b80fc6c2fb.tar.gz
podman-03ee8204d394da467e991b9ec62581b80fc6c2fb.tar.bz2
podman-03ee8204d394da467e991b9ec62581b80fc6c2fb.zip
podman machine: make 9p security model configurable; adjust docs
This addresses: Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784 This change does NOT exactly fix the bug, but it does allow the user to work around it via 'podman init' option, e.g.: podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none" If the default security model were to be changed to 'none', then that would fix the bug, at the possible cost of breaking any use cases that depend on 'mapped-xattr'. The documentation of the purpose and behavior of the different security models seems to be rather light: https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly From testing, it appears that the mapped-xattr security model intends to manage symlinks such that the guest can see the symlinks but the host only sees regular files (with extended attributes). As far as I can tell, this behavior only makes sense when the guest is the only thing that ever needs to create and read symlinks. Otherwise, symlinks created on the host are unusable on the guest, and vice versa. As per the original commit: 8e7eeaa4dd14621bda15e396fcd7b9187bc500c5 [NO NEW TESTS NEEDED] Also document existing ro and rw options. Also remove misleading statement about /mnt. By my observation, this line is incorrect. If the intended meaning is different, then I don't understand. The default volume is mounted read/write and is not within /mnt. [core@localhost ~]$ mount | grep 9p vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio) Signed-off-by: Corey Hickey <chickey@tagged.com>
Diffstat (limited to 'pkg/machine/qemu/machine.go')
-rw-r--r--pkg/machine/qemu/machine.go11
1 files changed, 7 insertions, 4 deletions
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 2fe0230cf..f94ce3959 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -318,6 +318,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
source := paths[0]
target := source
readonly := false
+ securityModel := "mapped-xattr"
if len(paths) > 1 {
target = paths[1]
}
@@ -325,18 +326,20 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
options := paths[2]
volopts := strings.Split(options, ",")
for _, o := range volopts {
- switch o {
- case "rw":
+ switch {
+ case o == "rw":
readonly = false
- case "ro":
+ case o == "ro":
readonly = true
+ case strings.HasPrefix(o, "security_model="):
+ securityModel = strings.Split(o, "=")[1]
default:
fmt.Printf("Unknown option: %s\n", o)
}
}
}
if volumeType == VolumeTypeVirtfs {
- virtfsOptions := fmt.Sprintf("local,path=%s,mount_tag=%s,security_model=mapped-xattr", source, tag)
+ virtfsOptions := fmt.Sprintf("local,path=%s,mount_tag=%s,security_model=%s", source, tag, securityModel)
if readonly {
virtfsOptions += ",readonly"
}