From 9985683205831b900e574f7e56168c7f6412fa89 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@sinrega.org>
Date: Thu, 4 Aug 2022 22:53:12 +0200
Subject: [PATCH 1/2] macos: fix root ownership and mode

On macOS, buildah leaves the container image root with the uid and the
permissions set to 0700. But, for maximum compatibility with Linux
apps, we need it to be owned by root:root with mode 0555.

Use "xattr" to fix the ownership and mode after mounting the container
image.

Signed-off-by: Sergio Lopez <slp@sinrega.org>
---
 src/utils.rs | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/src/utils.rs b/src/utils.rs
index 002802f..46bd2e4 100644
--- a/src/utils.rs
+++ b/src/utils.rs
@@ -137,6 +137,34 @@ pub fn parse_mapped_volumes(volume_matches: Vec<&str>) -> HashMap<String, String
     mapped_volumes
 }
 
+#[cfg(target_os = "macos")]
+fn fix_root_mode(rootfs: &str) {
+    let mut args = vec!["-w", "user.containers.override_stat", "0:0:0555"];
+    args.push(rootfs);
+
+    let output = match Command::new("xattr")
+        .args(&args)
+        .stderr(std::process::Stdio::inherit())
+        .output()
+    {
+        Ok(output) => output,
+        Err(err) => {
+            if err.kind() == std::io::ErrorKind::NotFound {
+                println!("{} requires xattr to manage the OCI images, and it wasn't found on this system.", APP_NAME);
+            } else {
+                println!("Error executing xattr: {}", err);
+            }
+            std::process::exit(-1);
+        }
+    };
+
+    let exit_code = output.status.code().unwrap_or(-1);
+    if exit_code != 0 {
+        println!("xattr returned an error: {}", exit_code);
+        std::process::exit(-1);
+    }
+}
+
 #[allow(unused_variables)]
 pub fn mount_container(cfg: &KrunvmConfig, vmcfg: &VmConfig) -> Result<String, std::io::Error> {
     let mut args = get_buildah_args(cfg, BuildahCommand::Mount);
@@ -168,6 +196,10 @@ pub fn mount_container(cfg: &KrunvmConfig, vmcfg: &VmConfig) -> Result<String, s
     }
 
     let rootfs = std::str::from_utf8(&output.stdout).unwrap().trim();
+
+    #[cfg(target_os = "macos")]
+    fix_root_mode(&rootfs);
+
     Ok(rootfs.to_string())
 }
 

From 7459968d8b8b4c90b956fc8c183004bba03312db Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@sinrega.org>
Date: Thu, 4 Aug 2022 22:56:58 +0200
Subject: [PATCH 2/2] Bump version to v0.2.1

This version just contains a minor fix for macOS, bump release number
to v0.2.1

Signed-off-by: Sergio Lopez <slp@sinrega.org>
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 11d012b..c88dbd7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -161,7 +161,7 @@ dependencies = [
 
 [[package]]
 name = "krunvm"
-version = "0.2.0"
+version = "0.2.1"
 dependencies = [
  "clap",
  "confy",
diff --git a/Cargo.toml b/Cargo.toml
index 4039f28..f82c203 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "krunvm"
-version = "0.2.0"
+version = "0.2.1"
 authors = ["Sergio Lopez <slp@redhat.com>"]
 description = "Create microVMs from OCI images"
 repository = "https://github.com/containers/krunvm"