setup: Add InVm option to Validate()

alexlarsson · alexlarsson · commit 0a15328c6df1 · 2026-01-28T17:40:30.000+01:00
If in vm, we don't need --privileged. Also, we can also support
rootless containers.
diff --git a/cmd/image-builder/bib_main.go b/cmd/image-builder/bib_main.go
@@ -282,7 +282,7 @@ func bibCmdBuild(cmd *cobra.Command, args []string) error {
 	progressType, _ := cmd.Flags().GetString("progress")
 
 	logrus.Debug("Validating environment")
-	if err := setup.Validate(targetArch); err != nil {
+	if err := setup.Validate(targetArch, false); err != nil {
 		return fmt.Errorf("cannot validate the setup: %w", err)
 	}
 	logrus.Debug("Ensuring environment setup")
diff --git a/pkg/setup/setup.go b/pkg/setup/setup.go
@@ -82,12 +82,12 @@ func EnsureEnvironment(storePath string, inVm bool) error {
 
 // Validate checks that the environment is supported (e.g. caller set up the
 // container correctly)
-func Validate(targetArch string) error {
+func Validate(targetArch string, inVm bool) error {
 	isRootless, err := podmanutil.IsRootless()
 	if err != nil {
 		return fmt.Errorf("checking rootless: %w", err)
 	}
-	if isRootless {
+	if isRootless && !inVm {
 		return fmt.Errorf("this command must be run in rootful (not rootless) podman")
 	}
 
@@ -97,7 +97,7 @@ func Validate(targetArch string) error {
 	if err := unix.Statfs("/sys", &stvfsbuf); err != nil {
 		return fmt.Errorf("failed to stat /sys: %w", err)
 	}
-	if (stvfsbuf.Flags & unix.ST_RDONLY) > 0 {
+	if !inVm && (stvfsbuf.Flags&unix.ST_RDONLY) > 0 {
 		return fmt.Errorf("this command requires a privileged container")
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -282,7 +282,7 @@ func bibCmdBuild(cmd *cobra.Command, args []string) error {`
`282`	`282`	`progressType, _ := cmd.Flags().GetString("progress")`
`283`	`283`
`284`	`284`	`logrus.Debug("Validating environment")`
`285`		`- if err := setup.Validate(targetArch); err != nil {`
	`285`	`+ if err := setup.Validate(targetArch, false); err != nil {`
`286`	`286`	`return fmt.Errorf("cannot validate the setup: %w", err)`
`287`	`287`	`}`
`288`	`288`	`logrus.Debug("Ensuring environment setup")`
Original file line number	Diff line number	Diff line change
`@@ -82,12 +82,12 @@ func EnsureEnvironment(storePath string, inVm bool) error {`
`82`	`82`
`83`	`83`	`// Validate checks that the environment is supported (e.g. caller set up the`
`84`	`84`	`// container correctly)`
`85`		`-func Validate(targetArch string) error {`
	`85`	`+func Validate(targetArch string, inVm bool) error {`
`86`	`86`	`isRootless, err := podmanutil.IsRootless()`
`87`	`87`	`if err != nil {`
`88`	`88`	`return fmt.Errorf("checking rootless: %w", err)`
`89`	`89`	`}`
`90`		`- if isRootless {`
	`90`	`+ if isRootless && !inVm {`
`91`	`91`	`return fmt.Errorf("this command must be run in rootful (not rootless) podman")`
`92`	`92`	`}`
`93`	`93`
`@@ -97,7 +97,7 @@ func Validate(targetArch string) error {`
`97`	`97`	`if err := unix.Statfs("/sys", &stvfsbuf); err != nil {`
`98`	`98`	`return fmt.Errorf("failed to stat /sys: %w", err)`
`99`	`99`	`}`
`100`		`- if (stvfsbuf.Flags & unix.ST_RDONLY) > 0 {`
	`100`	`+ if !inVm && (stvfsbuf.Flags&unix.ST_RDONLY) > 0 {`
`101`	`101`	`return fmt.Errorf("this command requires a privileged container")`
`102`	`102`	`}`
`103`	`103`