Merge pull request #43 from AkihiroSuda/dev-sshfs

Fix "Mounted filesystems not accessible by root"

Author: AkihiroSuda

pkg/cidata/user-data.TEMPLATE

@@ -92,6 +92,12 @@ write_files:
         dnf install -y shadow-utils
         {{- end}}
       fi
+      # Modify /etc/fuse.conf to allow "-o allow_root"
+      {{- if .Mounts }}
+      if ! grep -q "^user_allow_other" /etc/fuse.conf ; then
+        echo "user_allow_other" >> /etc/fuse.conf
+      fi
+      {{- end}}
    owner: root:root
    path: /var/lib/cloud/scripts/per-boot/10-install-packages.boot.sh
    permissions: '0755'

pkg/hostagent/mount.go

@@ -48,6 +48,8 @@ func (a *HostAgent) setupMount(ctx context.Context, m limayaml.Mount) (*mount, e
 		Port:       a.y.SSH.LocalPort,
 		RemotePath: expanded,
 		Readonly:   !m.Writable,
+		// NOTE: allow_root requires "user_allow_other" in /etc/fuse.conf
+		SSHFSAdditionalArgs: []string{"-o", "allow_root"},
 	}
 	if err := rsf.Prepare(); err != nil {
 		return nil, errors.Wrapf(err, "failed to prepare reverse sshfs for %q", expanded)

pkg/hostagent/requirements.go

@@ -2,9 +2,9 @@ package hostagent
 
 import (
 	"context"
-	"github.com/AkihiroSuda/lima/pkg/limayaml"
 	"time"
 
+	"github.com/AkihiroSuda/lima/pkg/limayaml"
 	"github.com/AkihiroSuda/sshocker/pkg/ssh"
 	"github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
@@ -83,6 +83,18 @@ Also see "/var/log/cloud-init-output.log" in the guest.
 A possible workaround is to run "apt-get install sshfs" in the guest.
 `,
 		})
+		req = append(req, requirement{
+			description: "/etc/fuse.conf to contain \"user_allow_other\"",
+			script: `#!/bin/bash
+set -eux -o pipefail
+if ! timeout 30s bash -c "until grep -q ^user_allow_other /etc/fuse.conf; do sleep 3; done"; then
+	echo >&2 "/etc/fuse.conf is not updated to contain \"user_allow_other\""
+	exit 1
+fi
+`,
+			debugHint: `Append "user_allow_other" to /etc/fuse.conf in the guest`,
+		})
+
 	}
 	req = append(req, requirement{
 		description: "the guest agent to be running",