Re-exec limactl cross-user via sudo when the Lima dir is owned by another uid#2
Open
eejd wants to merge 1 commit into
Open
Re-exec limactl cross-user via sudo when the Lima dir is owned by another uid#2eejd wants to merge 1 commit into
eejd wants to merge 1 commit into
Conversation
…ther uid limautil.Limactl() is the single choke point for status, stop, and ssh (getInstance/Instances/RunningInstances all route through it). Upstream falsely reports "not running" when the VM was started by a different user, because Lima's liveness check cannot signal a process owned by another uid (EPERM). When the Lima instance/state dir's owner differs from the caller's effective uid, re-exec limactl as the owner via `sudo -n -u <owner>`, forwarding LIMA_HOME explicitly since sudo does not inherit environment by default. Opt out via COLIMA_NO_CROSS_USER. Requires a NOPASSWD sudoers grant for caller -> owner limactl; without it the re-exec fails closed rather than prompting. This is a colima- layer workaround for a Lima-layer liveness-check gap; a proper fix may belong in lima-vm/lima instead (tracked as Phase 3). Needs live two-user validation (VM started as one user, queried as another) before this can be considered fully proven -- go test alone cannot simulate a genuine cross-uid directory without root. Fixes: eejd/macports-ports-local#162
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fork addition for macports-ports-local#162.
limautil.Limactl()isthe single choke point for status/stop/ssh. When the Lima
instance/state dir is owned by a uid other than the caller's, upstream
falsely reports "not running" (Lima's liveness check can't signal a
process owned by another uid). This re-execs limactl as the owner via
sudo -n -u <owner>, forwarding LIMA_HOME explicitly. Opt out viaCOLIMA_NO_CROSS_USER. Requires a NOPASSWD sudoers grant for
caller -> owner limactl.
This is a colima-layer workaround for what may ultimately be a
Lima-layer liveness-check gap (tracked as Phase 3 in the issue). Needs
live two-user validation before being considered fully proven.
Tracking: eejd/macports-ports-local#162