Skip to content

Re-exec limactl cross-user via sudo when the Lima dir is owned by another uid#2

Open
eejd wants to merge 1 commit into
mainfrom
feat/multiuser-status-fallback
Open

Re-exec limactl cross-user via sudo when the Lima dir is owned by another uid#2
eejd wants to merge 1 commit into
mainfrom
feat/multiuser-status-fallback

Conversation

@eejd

@eejd eejd commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Fork addition for macports-ports-local#162. limautil.Limactl() is
the single choke point for status/stop/ssh. When the Lima
instance/state dir is owned by a uid other than the caller's, upstream
falsely reports "not running" (Lima's liveness check can't signal a
process owned by another uid). This re-execs limactl as the owner via
sudo -n -u <owner>, forwarding LIMA_HOME explicitly. Opt out via
COLIMA_NO_CROSS_USER. Requires a NOPASSWD sudoers grant for
caller -> owner limactl.

This is a colima-layer workaround for what may ultimately be a
Lima-layer liveness-check gap (tracked as Phase 3 in the issue). Needs
live two-user validation before being considered fully proven.

Tracking: eejd/macports-ports-local#162

…ther uid

limautil.Limactl() is the single choke point for status, stop, and ssh
(getInstance/Instances/RunningInstances all route through it). Upstream
falsely reports "not running" when the VM was started by a different
user, because Lima's liveness check cannot signal a process owned by
another uid (EPERM). When the Lima instance/state dir's owner differs
from the caller's effective uid, re-exec limactl as the owner via
`sudo -n -u <owner>`, forwarding LIMA_HOME explicitly since sudo does
not inherit environment by default. Opt out via COLIMA_NO_CROSS_USER.

Requires a NOPASSWD sudoers grant for caller -> owner limactl; without
it the re-exec fails closed rather than prompting. This is a colima-
layer workaround for a Lima-layer liveness-check gap; a proper fix may
belong in lima-vm/lima instead (tracked as Phase 3).

Needs live two-user validation (VM started as one user, queried as
another) before this can be considered fully proven -- go test alone
cannot simulate a genuine cross-uid directory without root.

Fixes: eejd/macports-ports-local#162
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant