lima: chown/chmod on mounted directory: Permission denied

Hey, I really like lima so far and wish I could use it for development, but unfortunately I’ve come across a workflow-breaking issue.

My docker image copies files into a mounted directory and changes their ownership to the custom user 1000. The copying works just fine, but the chown fails with Permission denied.

This issue can be confirmed in a shell; chmod fails in the same way.

root@wiki:/# chown 1000 /app/
root@wiki:/# chown 1000 /usr/
root@wiki:/# chmod 777 /app/
root@wiki:/# chmod 777 /usr/
root@wiki:/# chown 1000 /config/
chown: changing ownership of '/config/': Permission denied
root@wiki:/# chmod 777 /config/
chmod: changing permissions of '/config/': Permission denied

It’s the same for a custom mount inside of $HOME and a directory in /tmp/lima.

The files end up with drwxrwxrwx 1 nobody nobody 128 Sep 9 13:17 php

Manually touched files get -rw-r--r-- 1 nobody nobody 0 Sep 9 13:22 test

I’m on an M1 Macbook Pro with macOS 12 and installed QEMU using the provided shell file. The same setup just works with Docker Desktop.

About this issue

  • State: open
  • Created 3 years ago
  • Reactions: 7
  • Comments: 28 (4 by maintainers)

Most upvoted comments

Sorry, after reading the discussion above I still don’t quite understand…

How can I solve this problem when I use sshfs? I installed the latest HEAD branch using brew, but I still get this error… How do I need to adjust the source code to fix this? (I just use it on my own laptop, so I don’t need to consider security too much.)

Sorry, it was my test error. Tips for others who need help:

  • Use brew to install the master branch on mac: brew install lima --HEAD
  • Install qemu version 7.0: brew install qemu (or brew upgrade qemu)
  • Set 9p as mount driver in config file: mountType: 9p
  • Set directory writable permission to true: writable: true
  • Set 9p cache type to mmap: cache: "mmap"

Finally, it may be necessary to remove the previously mounted directory, e.g. for ./data:/var/lib/mysql --> rm -rf ./data

Now recreate the lima VM; there is no more permission problem.
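As an added example (not code from this issue thread or from the Lima project), the following POSIX shell script covers both the manual check from the original post and the configuration tips above: `lima_9p_stanza` prints the 9p mount fragment the tips describe, and `check_mount_perms` runs the same chmod/chown probe the reporter did by hand against any directory, so you can confirm a mount honours ownership changes before pointing a container at it. The mount location, the probe file name and the `securityModel` value (the mapped-xattr model the maintainers mention in this thread) are assumptions to adapt to your own setup.

```shell
#!/bin/sh
# Added example, not from the issue thread or the Lima project.
# Assumptions: the mount location passed to lima_9p_stanza, the probe
# file name, and the securityModel value are placeholders to adapt.

# Print a lima.yaml fragment matching the tips above: 9p driver, writable
# mount, mmap cache, plus an explicit securityModel so ownership can be
# stored in extended attributes instead of being mapped to "nobody".
lima_9p_stanza() {
    location="${1:-/Users/example/project}"   # assumed path
    cat <<EOF
mountType: 9p
mounts:
- location: "$location"
  writable: true
  9p:
    securityModel: "mapped-xattr"
    cache: "mmap"
EOF
}

# Probe whether DIR honours chmod and chown for the current user.
# Prints "chmod=<ok|denied> chown=<ok|denied>" and returns 0 only if
# both succeed, 2 if the directory is not even writable.
check_mount_perms() {
    dir="$1"
    probe="$dir/.lima-perm-probe.$$"   # assumed probe file name
    : > "$probe" || { echo "create=denied"; return 2; }

    chmod_res=denied
    chown_res=denied
    if chmod 0644 "$probe" 2>/dev/null; then
        chmod_res=ok
    fi

    # An unprivileged owner may chown a file to its current owner (itself),
    # so on a normal filesystem this succeeds; a mount that reports every
    # file as "nobody" refuses it, which is the symptom from the post.
    # As root, try the post's custom uid 1000 instead.
    target_uid=$(id -u)
    if [ "$target_uid" -eq 0 ]; then
        target_uid=1000
    fi
    if chown "$target_uid" "$probe" 2>/dev/null; then
        chown_res=ok
    fi

    rm -f "$probe"
    echo "chmod=$chmod_res chown=$chown_res"
    [ "$chmod_res" = ok ] && [ "$chown_res" = ok ]
}

# Usage: sh this_script.sh /path/inside/the/vm/mount
if [ $# -gt 0 ]; then
    check_mount_perms "$1"
fi
```

Run the probe from inside the VM (or the container) against the mounted path; a result of `chown=denied` on a directory you can write to is exactly the sshfs limitation discussed in this thread, while `chmod=ok chown=ok` means the mount is usable by images that fix up ownership at start.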

This is a known limitation of the current sshfs server, which works without the root privilege.

@nulllpoint In a recent release, the securityModel option changed its default value; you may need to specify it manually for mapped-xattr.


Any updates or ideas on a plan to solve this? chown / chmod on mounted files is pretty commonly needed and likely a blocker for a fair number of folks.

Is there any way forward here? I get similar “permission denied” errors and it’s not clear whether it can be fixed in current setup at all.

I am using lima with docker and, regardless of whether I use rootless docker or rootful docker + sudo, I still get permission denied errors. Is it an sshfs limitation, or can we expect it to work in the future (ignoring 9p work)?

As a followup, the latest version of the 9p patch is https://gitlab.com/wwcohen/qemu/-/tree/9p-darwin and that’s where the in-progress work will go as it progresses towards resubmission upstream. Any comments on how to improve would be GREATLY welcomed before I submit again.

If we could get https://github.com/afbjorklund/qemu/commits/9p-darwin merged into the upstream, we will be able to store the file owner info into xattr (or a separate file). https://wiki.qemu.org/Documentation/9psetup (mapped-xattr, mapped-file)

I’m not sure we will use 9p by default, though, due to a performance issue.

@mritd Thank you for your advice. Currently, I use the lima .lima/_config/override.yaml file to override volume settings. I’m not familiar with lima nor colima. Since colima is an out-of-the-box option, I prefer using colima now. Maybe I will try native lima later.


I use podman via lima-vm; the container is mysql/mysql-server, which needs to chown mysql:mysql xxx, but when I use -v to map the host’s dir, it prompts:

chown: changing ownership of 'xxx': Operation not permitted

macOS version: 12.6
lima version: 0.13.0
qemu version: 7.1.0

lima’s yaml config:

mountType: 9p
mounts:
- location: "/Users/xxx/lima_workspace/podman"
  writable: true
  9p:
    cache: mmap


The plan is to use mapped-xattr or mapped-file of virtio 9P, but the patch is not merged for macOS hosts yet, and seems to need more testers: https://github.com/NixOS/nixpkgs/pull/122420

If I build lima myself to test it, is there anything I need to take into account? Do I need to re-create the lima VM if I change these options, or is a re-compile sufficient?

There is nothing special to take into account and you do not need to re-create the VM; it should just work like the binary you downloaded from GitHub.

Volumes are mounted on startup, all you need to do is shutdown, and start the vm (using your custom build).

ahh this is how I confused you. I found this issue after looking for issues regarding “incorrect” host mount permissions. My suggestion was merely about fixing permissions for host mounted dirs for non-root users in a container.

Would that solve it?

Sorry for the confusion.

These flags have nothing to do with allowing chown/chmod.

but sudo lima nerdctl compose up fails with FATA[0000] must not run as the root.

It should actually be lima sudo nerdctl compose up?

Thanks for the info! Is it going to be resolved when VirtFS is built in? Is running rootfully a workaround and is it documented somewhere? Starting a rootful VM works, but sudo lima nerdctl compose up fails with FATA[0000] must not run as the root.