From 8e4c047b9fd31de92420d22f51b14ca521d382e6 Mon Sep 17 00:00:00 2001
From: T K Chandra Hasan <t.k.chandra.hasan@ibm.com>
Date: Tue, 24 Oct 2023 13:23:43 +0530
Subject: [PATCH] Set secontext for bind volumes in selinux enabled distros
 Fixes #1882 Signed-off-by: T K Chandra Hasan <t.k.chandra.hasan@ibm.com>

---
 .../cidata.TEMPLATE.d/boot/05-lima-mounts.sh  | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100755 pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh

diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh
new file mode 100755
index 000000000000..d87106384bac
--- /dev/null
+++ b/pkg/cidata/cidata.TEMPLATE.d/boot/05-lima-mounts.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -eux -o pipefail
+
+# Check if mount type is virtiofs
+if [ "${LIMA_CIDATA_MOUNTTYPE}" != "virtiofs" ]; then
+	exit 0
+fi
+
+# Update fstab entries and unmount/remount the volumes with secontext options
+# when selinux is enabled in kernel
+if [ -d /sys/fs/selinux ]; then
+	# shellcheck disable=SC2013
+	for line in $(grep -n virtiofs </etc/fstab | cut -d':' -f1); do
+		OPTIONS=$(awk -v line="$line" 'NR==line {print $4}' /etc/fstab)
+		if [[ ${OPTIONS} != *"context"* ]]; then
+			sed -i -e "$line""s/comment=cloudconfig/comment=cloudconfig,context=\"system_u:object_r:container_file_t:s0\"/g" /etc/fstab
+			TAG=$(awk -v line="$line" 'NR==line {print $1}' /etc/fstab)
+			MOUNT_POINT=$(awk -v line="$line" 'NR==line {print $2}' /etc/fstab)
+			OPTIONS=$(awk -v line="$line" 'NR==line {print $4}' /etc/fstab)
+			umount "${TAG}"
+			mount -t virtiofs "${TAG}" "${MOUNT_POINT}" -o "${OPTIONS}"
+		fi
+	done
+fi