alpine: avoid wiping out writable host mounts under /home, etc.

A host directory could be wiped out when all the following conditions are met: - The directory is mounted to Lima via virtiofs, or, potentially 9p - The mount is writable - The mount point in the guest is under one of: /etc /home /root /tmp /usr/local /var/lib - The guest OS is Alpine Linux Fix issue 2221 Fix rancher-sandbox/rancher-desktop issue 6582 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
lima-vm · Mar 8, 2024 · 691c030 · 691c030
1 parent 0ef1b3b
commit 691c030
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/04-persistent-data-volume.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/04-persistent-data-volume.sh
@@ -77,6 +77,19 @@ if [ "$(awk '$2 == "/" {print $3}' /proc/mounts)" == "tmpfs" ]; then
 				for DIR in ${DATADIRS}; do
 					DEST="/mnt/data$(dirname "${DIR}")"
 					mkdir -p "${DIR}" "${DEST}"
+					# Unmount filesystems (virtiofs, 9p, etc.) below "${DIR}", otherwise host mounts will be wiped out
+					# https://github.com/rancher-sandbox/rancher-desktop/issues/6582
+					#
+					# set is for avoiding a failure on empty grep
+					set +e +o pipefail
+					awk '$3 != "ext4" && $3 != "tmpfs" {print $2}' /proc/mounts | grep "^${DIR}" | while IFS= read -r line; do
+						[ -z "$line" ] && continue
+						# unmangle " \t\n\\#"
+						# https://github.com/torvalds/linux/blob/v6.6/fs/proc_namespace.c#L89
+						unmangled="$(echo "$line" | sed -e 's/\\040/ /g; s/\\011/\t/g; s/\\012/\n/g; s/\\134/\\/g; s/\\043/#/g')"
+						umount "$unmangled" || exit 1
+					done
+					set -e -o pipefail
 					mv "${DIR}" "${DEST}"
 				done
 				# Make sure all data moved to the persistent volume has been committed to disk