Set secontext for bind volumes in selinux enabled distros

Fixes #1882 Signed-off-by: T K Chandra Hasan <[email protected]>
lima-vm · Oct 24, 2023 · 8e4c047 · 8e4c047
1 parent b5aa0dd
commit 8e4c047
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -eux -o pipefail
+
+# Check if mount type is virtiofs
+if [ "${LIMA_CIDATA_MOUNTTYPE}" != "virtiofs" ]; then
+	exit 0
+fi
+
+# Update fstab entries and unmount/remount the volumes with secontext options
+# when selinux is enabled in kernel
+if [ -d /sys/fs/selinux ]; then
+	# shellcheck disable=SC2013
+	for line in $(grep -n virtiofs </etc/fstab | cut -d':' -f1); do
+		OPTIONS=$(awk -v line="$line" 'NR==line {print $4}' /etc/fstab)
+		if [[ ${OPTIONS} != *"context"* ]]; then
+			sed -i -e "$line""s/comment=cloudconfig/comment=cloudconfig,context=\"system_u:object_r:container_file_t:s0\"/g" /etc/fstab
+			TAG=$(awk -v line="$line" 'NR==line {print $1}' /etc/fstab)
+			MOUNT_POINT=$(awk -v line="$line" 'NR==line {print $2}' /etc/fstab)
+			OPTIONS=$(awk -v line="$line" 'NR==line {print $4}' /etc/fstab)
+			umount "${TAG}"
+			mount -t virtiofs "${TAG}" "${MOUNT_POINT}" -o "${OPTIONS}"
+		fi
+	done
+fi