
Can't mount volumes with 9p securityModel: mapped-xattr

Open romikforest opened this issue 1 year ago • 4 comments

Description

Hi. I've just updated my macOS to Sonoma and updated and upgraded brew. I had a VM created using the file /Users//.lima/_config/override.yaml:

mountType: 9p
mounts:
  - location: "/Users/<username>"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: "~"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: /tmp/colima
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap

like colima start --mount-type 9p

After the update I can't run containers; they complain that the chown operation is not permitted. Deleting the VM and creating it from scratch doesn't help. I figured out that colima start --mount-type 9p now ignores override.yaml for some reason. So I tried to edit the options with vim using colima start --edit. I set mountType: 9p and the mounts. It doesn't accept both the "/Users/" and "~" locations, so only "/Users/" remains. Anyway, it ignores the options for 9p. When I restart the VM again with colima start --edit I see only:

mountType: 9p
mounts:
  - location: "/Users/<username>"
    writable: true
  - location: /tmp/colima
    writable: true

So I am unable to set securityModel: mapped-xattr and run containers properly.

How is colima supposed to be set up now so that containers that run processes not as root can work with mounted volumes?

Thank you in advance.

Version

colima version 0.6.7
git commit: ba1be00e9aec47f2c1ffdacfb7e428e465f0b58a

runtime: docker
arch: x86_64
client: v24.0.7
server: v24.0.7
limactl version 0.19.1
qemu-img version 8.2.0
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

Operating System

  • [ ] macOS Intel <= 13 (Ventura)
  • [X] macOS Intel >= 14 (Sonoma)
  • [ ] Apple Silicon <= 13 (Ventura)
  • [ ] Apple Silicon >= 14 (Sonoma)
  • [ ] Linux

Output of colima status

INFO[0000] colima is running using QEMU
INFO[0000] arch: x86_64
INFO[0000] runtime: docker
INFO[0000] mountType: 9p
INFO[0000] socket: unix:///Users/21370766/.colima/default/docker.sock

Reproduction Steps

  1. Create a colima vm using colima start --edit.
  2. Edit and save with vim:
mountType: 9p
mounts:
  - location: "/Users/21370766"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: /tmp/colima
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  3. Run rabbitmq container with mounted volumes:
  rabbitmq:
    image: library/rabbitmq:3.12.10-management-alpine
    ports:
      - "5672:5672"
      - "8080:15672"
    volumes:
      - ./.hidden/rabbitmq/data/:/var/lib/rabbitmq/:rw
      - ./.hidden/rabbitmq/log/:/var/log/rabbitmq:rw
  4. rabbitmq terminates with error:
rabbitmq-1            | chown: /var/lib/rabbitmq: Operation not permitted
rabbitmq-1 exited with code 1

Expected behaviour

Processes in docker containers can perform chown and chmod and use mounted volumes.

Additional context

No response

romikforest avatar Dec 25 '23 23:12 romikforest

I have the same issue, but with mounting a volume for postgres.

mpicard avatar Jan 04 '24 13:01 mpicard

I'm also running into this error on Sonoma 14.2 with postgres. Looks like a continuation of issue #83.

I tried the two most up to date solutions for where to put override.yaml:

  • /Users/<username>/.colima/_config/
    • This gave me the same chown: operation not permitted error.
  • /Users/<username>/.colima/_lima/_config/
    • This one wouldn't even boot, it got stuck on [hostagent] Waiting for the essential requirement 1 of 2: "ssh"

Versions: runtime: docker arch: x86_64 colima: 0.6.7 limactl: 0.19.1

arilence avatar Jan 04 '24 23:01 arilence

Same issue for me when trying to get postgres running; I tried something similar to @arilence.

ishan123456789 avatar Jan 15 '24 13:01 ishan123456789

I was able to get it working as mentioned in https://github.com/abiosoft/colima/issues/83#issuecomment-1893060414. You have to delete the override.yaml file if it is defined at /Users/<username>/.lima/_config, else colima won't boot; then define it at the /Users/<username>/.colima/_lima/_config path.

ishan123456789 avatar Jan 16 '24 04:01 ishan123456789
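
The symptom in the original report (the 9p block vanishing from each mount after saving) can be checked mechanically. The following is an added example, not code from the thread or from the colima project: the function names are hypothetical, and the two config texts are constructed from the YAML snippets in the issue. It compares the requested mounts with the saved ones and reports every mount whose securityModel was dropped.

```python
import re

def security_models(config_text):
    """Map each mount location under `mounts:` to its 9p securityModel, or None."""
    models, in_mounts, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and not line.startswith("-"):  # new top-level key
            in_mounts, current = line.startswith("mounts:"), None
        if not in_mounts:
            continue
        # Assumption: `location` is the first key of each mount item, as in the issue.
        loc = re.match(r"\s*-\s*location:\s*(.+)", line)
        model = re.match(r"\s*securityModel:\s*(\S+)", line)
        if loc:
            current = loc.group(1).strip().strip("\"'")
            models[current] = None
        elif model and current is not None:
            models[current] = model.group(1).strip("\"'")
    return models

def dropped_security_models(requested_text, persisted_text):
    """Return {location: model} for mounts whose requested model is absent after saving."""
    persisted = security_models(persisted_text)
    return {loc: model for loc, model in security_models(requested_text).items()
            if model is not None and persisted.get(loc) != model}

# Constructed sample input, modelled on the config the reporter saved.
REQUESTED = """\
mountType: 9p
mounts:
  - location: "/Users/<username>"
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
  - location: /tmp/colima
    writable: true
    9p:
      securityModel: mapped-xattr
      cache: mmap
"""
# Constructed: the same config with every 9p block removed, as seen on reopening.
PERSISTED = re.sub(r"    9p:\n(      .*\n)+", "", REQUESTED)

if __name__ == "__main__":
    print(dropped_security_models(REQUESTED, PERSISTED))
```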