Colima using global tmp preventing vm start-up in multi user usage when using --vm-type=vz

zavierboyd commented 7 months ago

Description

Colima has problems with using /tmp/colima or /tmp/colima-<profile> when used in a multi user context Specifically when 2 users run colima start separately one users container will not be able to access /tmp/colima as that folder is owned by another user. When the vm-type is qemu this error is ignored and colima continues with the --very-verbose log containing this:

> [hostagent] The essential requirement 4 of 4 is satisfied
> [hostagent] Mounting "/Users/<userb>" on "/Users/<userb>"
> [hostagent] Mounting "/tmp/colima" on "/tmp/colima"
> [hostagent] chdir to "/tmp/colima" failed: Permission denied
> [hostagent] Waiting for the guest agent to be running

When the vm-type is vz this creates a full exception with an error line of:

{"level":"fatal","msg":"Error Domain=VZErrorDomain Code=2 Description=\"Invalid virtual machine configuration. A directory sharing device configuration is invalid.\" UserInfo={\n    NSLocalizedFailure = \"Invalid virtual machine configuration.\";\n    NSLocalizedFailureReason = \"A directory sharing device configuration is invalid.\";\n    NSUnderlyingError = \"Error Domain=NSPOSIXErrorDomain Code=13 \\\"Permission denied\\\"\";\n}","time":"2024-02-27T15:25:16+13:00"}

and fails to start up

This seems to only happen when the /tmp/colima dir is initially created by --vm-type=vz where the dir has rwxr-x--- (750) perms vs rwxr-xr-x (755) perms when created by --vm-type=qemu as --vm-type=vz in other logins can still use that dir.

Version

Operating System

[ ] macOS Intel <= 13 (Ventura)
[ ] macOS Intel >= 14 (Sonoma)
[ ] Apple Silicon <= 13 (Ventura)
[X] Apple Silicon >= 14 (Sonoma)
[ ] Linux

Output of `colima status`

colima doesn't start running on vz. All examples were run with --network-address It appears to be a non-problem with qemu as I successfully ran the hello-world docker image with the permission denied.

Reproduction Steps

Start from clean state. Delete the /tmp/colima* dirs

run colima start --vm-type=vz in userA
run colima stop in userA
log in to userB
run colima start --vm-type=vz in userB

outcome: colima fails to run with an error of

{"level":"fatal","msg":"Error Domain=VZErrorDomain Code=2 Description=\"Invalid virtual machine configuration. A directory sharing device configuration is invalid.\" UserInfo={\n    NSLocalizedFailure = \"Invalid virtual machine configuration.\";\n    NSLocalizedFailureReason = \"A directory sharing device configuration is invalid.\";\n    NSUnderlyingError = \"Error Domain=NSPOSIXErrorDomain Code=13 \\\"Permission denied\\\"\";\n}","time":"2024-02-27T15:25:16+13:00"}

in the ha_stderr.log

the /tmp/colima folder will have permissions of userA wheel rwxr-x---

Start from clean state. Delete the /tmp/colima* dirs

run colima start --vm-type=qemu in userA
run colima stop in userA
log in to userB
run colima start --vm-type=vz in userB outcome: colima runs correctly and can run the hello-world docker image

the /tmp/colima folder will have permissions of userA wheel rwxr-xr-x

Expected behaviour

Colima should handle the /tmp/colima* directories being owned by other users and be able to start up the container regardless.

Additional context

I have only tested this on Mac M1 Sonoma. I have installed colima using nix flakes exact flake urls for colima: github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932#colima v0.6.7 github:NixOS/nixpkgs/fcea2b6260dd566c28c894b4207a5f2b56c2cba3#colima v0.6.8

QingChang1204 commented 1 month ago

可以通过起不同的名字避免这个错误colima start userBcolima --vm-type=vz避免这个问题

abiosoft commented 1 month ago

The tmp directory was mainly inherited from the behaviour of upstream project (Lima), it is not really needed or used by Colima itself.

abiosoft / colima