Merge pull request #2474 from norio-nomura/prioritize-rosetta-over-qemu

jandubois · web-flow · commit 598f45f817ac · 2024-07-16T19:50:42.000-06:00
[Rosetta] Prioritize rosetta over `qemu-user-static` by creating `binfmt.d(5)` configuration
diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/05-rosetta-volume.sh
@@ -10,26 +10,20 @@ if [ -f /etc/alpine-release ]; then
 	rc-service qemu-binfmt stop --ifstarted
 fi
 
-mkdir -p /mnt/lima-rosetta
+binfmt_entry=/proc/sys/fs/binfmt_misc/rosetta
+binfmtd_conf=/usr/lib/binfmt.d/rosetta.conf
+if [ "$LIMA_CIDATA_ROSETTA_BINFMT" = "true" ]; then
+	rosetta_binfmt=":rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/mnt/lima-rosetta/rosetta:OCF"
 
-#Check selinux is enabled by kernel
-if [ -d /sys/fs/selinux ]; then
-	##########################################################################################
-	## When using vz & virtiofs, initially container_file_t selinux label
-	## was considered which works perfectly for container work loads
-	## but it might break for other work loads if the process is running with
-	## different label. Also these are the remote mounts from the host machine,
-	## so keeping the label as nfs_t fits right. Package container-selinux by
-	## default adds rules for nfs_t context which allows container workloads to work as well.
-	## https://github.com/lima-vm/lima/pull/1965
-	##########################################################################################
-	mount -t virtiofs vz-rosetta /mnt/lima-rosetta -o context="system_u:object_r:nfs_t:s0"
-else
-	mount -t virtiofs vz-rosetta /mnt/lima-rosetta
-fi
+	# If rosetta is not registered in binfmt_misc, register it.
+	[ -f "$binfmt_entry" ] || echo "$rosetta_binfmt" >/proc/sys/fs/binfmt_misc/register
 
-if [ "$LIMA_CIDATA_ROSETTA_BINFMT" = "true" ]; then
-	echo \
-		':rosetta:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/mnt/lima-rosetta/rosetta:OCF' \
-		>/proc/sys/fs/binfmt_misc/register
+	# Create binfmt.d(5) configuration to prioritize rosetta even if qemu-user-static is installed on systemd based systems.
+	# If the binfmt.d directory exists, consider systemd-binfmt.service(8) to be enabled and create the configuration file.
+	[ ! -d "$(dirname "$binfmtd_conf")" ] || [ -f "$binfmtd_conf" ] || echo "$rosetta_binfmt" >"$binfmtd_conf"
+else
+	# unregister rosetta from binfmt_misc if it exists
+	[ ! -f "$binfmt_entry" ] || echo -1 | "$binfmt_entry"
+	# remove binfmt.d(5) configuration if it exists
+	[ ! -f "$binfmtd_conf" ] || rm "$binfmtd_conf"
 fi
diff --git a/pkg/cidata/cidata.TEMPLATE.d/user-data b/pkg/cidata/cidata.TEMPLATE.d/user-data
@@ -11,14 +11,17 @@ package_upgrade: true
 package_reboot_if_required: true
 {{- end }}
 
-{{- if or (eq .MountType "9p") (eq .MountType "virtiofs") }}
-{{- if .Mounts }}
+{{- if or .RosettaEnabled (or (eq .MountType "9p") (eq .MountType "virtiofs")) }}
 mounts:
-  {{- range $m := $.Mounts}}
+  {{- if .RosettaEnabled }}{{/* Mount the rosetta volume before systemd-binfmt.service(8) starts */}}
+- [vz-rosetta, /mnt/lima-rosetta, virtiofs]
+  {{- end }}
+  {{- if .Mounts }}
+    {{- range $m := $.Mounts}}
 - [{{$m.Tag}}, {{$m.MountPoint}}, {{$m.Type}}, "{{$m.Options}}", "0", "0"]
+    {{- end }}
   {{- end }}
 {{- end }}
-{{- end }}
 
 {{- if .TimeZone }}
 timezone: {{.TimeZone}}
