Sync machine docker.sock according to rootful flag

cmd/podman/machine/platform_darwin.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v4/pkg/machine"
+	"github.com/containers/podman/v4/pkg/machine/applehv"
 	"github.com/containers/podman/v4/pkg/machine/qemu"
 	"github.com/sirupsen/logrus"
 )
@@ -30,6 +31,8 @@ func GetSystemProvider() (machine.VirtProvider, error) {
 	switch resolvedVMType {
 	case machine.QemuVirt:
 		return qemu.GetVirtualizationProvider(), nil
+	case machine.AppleHvVirt:
+		return applehv.GetVirtualizationProvider(), nil
 	default:
 		return nil, fmt.Errorf("unsupported virtualization provider: `%s`", resolvedVMType.String())
 	}

pkg/machine/applehv/machine.go

@@ -193,6 +193,7 @@ func (m *MacMachine) Init(opts machine.InitOptions) (bool, error) {
 		TimeZone:  opts.TimeZone,
 		WritePath: m.IgnitionFile.GetPath(),
 		UID:       m.UID,
+		Rootful:   m.Rootful,
 	}
 
 	if err := ign.GenerateIgnitionConfig(); err != nil {
@@ -278,10 +279,10 @@ func (m *MacMachine) Remove(name string, opts machine.RemoveOptions) (string, fu
 				logrus.Error(err)
 			}
 		}
-		if err := machine.RemoveConnection(m.Name); err != nil {
+		if err := machine.RemoveConnections(m.Name); err != nil {
 			logrus.Error(err)
 		}
-		if err := machine.RemoveConnection(m.Name + "-root"); err != nil {
+		if err := machine.RemoveConnections(m.Name + "-root"); err != nil {
 			logrus.Error(err)
 		}
 

pkg/machine/config.go

@@ -359,6 +359,8 @@ type HostUser struct {
 	Rootful bool
 	// UID is the numerical id of the user that called machine
 	UID int
+	// Whether one of these fields has changed and actions should be taken
+	Modified bool `json:"HostUserModified"`
 }
 
 // SSHConfig contains remote access information for SSH

pkg/machine/e2e/config_init_test.go

@@ -27,7 +27,7 @@ type initMachine struct {
 	memory       *uint
 	now          bool
 	timezone     string
-	rootful      bool //nolint:unused
+	rootful      bool
 	volumes      []string
 
 	cmd []string
@@ -62,6 +62,9 @@ func (i *initMachine) buildCmd(m *machineTestBuilder) []string {
 	if i.now {
 		cmd = append(cmd, "--now")
 	}
+	if i.rootful {
+		cmd = append(cmd, "--rootful")
+	}
 	cmd = append(cmd, m.name)
 	i.cmd = cmd
 	return cmd
@@ -110,3 +113,8 @@ func (i *initMachine) withVolume(v string) *initMachine {
 	i.volumes = append(i.volumes, v)
 	return i
 }
+
+func (i *initMachine) withRootful(r bool) *initMachine {
+	i.rootful = r
+	return i
+}

pkg/machine/e2e/config_set_test.go

@@ -8,6 +8,7 @@ type setMachine struct {
 	cpus     *uint
 	diskSize *uint
 	memory   *uint
+	rootful  bool
 
 	cmd []string
 }
@@ -23,6 +24,9 @@ func (i *setMachine) buildCmd(m *machineTestBuilder) []string {
 	if i.memory != nil {
 		cmd = append(cmd, "--memory", strconv.Itoa(int(*i.memory)))
 	}
+	if i.rootful {
+		cmd = append(cmd, "--rootful")
+	}
 	cmd = append(cmd, m.name)
 	i.cmd = cmd
 	return cmd
@@ -41,3 +45,8 @@ func (i *setMachine) withMemory(num uint) *setMachine {
 	i.memory = &num
 	return i
 }
+
+func (i *setMachine) withRootful(r bool) *setMachine {
+	i.rootful = r
+	return i
+}

pkg/machine/e2e/init_test.go

@@ -3,6 +3,7 @@ package e2e_test
 import (
 	"os"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/containers/podman/v4/pkg/machine"
@@ -162,4 +163,46 @@ var _ = Describe("podman machine init", func() {
 		Expect(sshSession2.outputToString()).To(ContainSubstring("example"))
 	})
 
+	It("machine init rootless docker.sock check", func() {
+		i := initMachine{}
+		name := randomString()
+		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath)).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(session).To(Exit(0))
+
+		s := startMachine{}
+		ssession, err := mb.setCmd(s).setTimeout(time.Minute * 10).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(ssession).Should(Exit(0))
+
+		ssh2 := sshMachine{}
+		sshSession2, err := mb.setName(name).setCmd(ssh2.withSSHCommand([]string{"readlink /var/run/docker.sock"})).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(sshSession2).To(Exit(0))
+
+		output := strings.TrimSpace(sshSession2.outputToString())
+		Expect(output).To(HavePrefix("/run/user"))
+		Expect(output).To(HaveSuffix("/podman/podman.sock"))
+
+	})
+
+	It("machine init rootful docker.sock check", func() {
+		i := initMachine{}
+		name := randomString()
+		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath).withRootful(true)).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(session).To(Exit(0))
+
+		s := startMachine{}
+		ssession, err := mb.setCmd(s).setTimeout(time.Minute * 10).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(ssession).Should(Exit(0))
+
+		ssh2 := sshMachine{}
+		sshSession2, err := mb.setName(name).setCmd(ssh2.withSSHCommand([]string{"readlink /var/run/docker.sock"})).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(sshSession2).To(Exit(0))
+		output := strings.TrimSpace(sshSession2.outputToString())
+		Expect(output).To(Equal("/run/podman/podman.sock"))
+	})
 })

pkg/machine/e2e/set_test.go

@@ -2,6 +2,7 @@ package e2e_test
 
 import (
 	"strconv"
+	"strings"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -100,4 +101,28 @@ var _ = Describe("podman machine set", func() {
 		Expect(sshSession3.outputToString()).To(ContainSubstring("100 GiB"))
 	})
 
+	It("set rootful, docker sock change", func() {
+		name := randomString()
+		i := new(initMachine)
+		session, err := mb.setName(name).setCmd(i.withImagePath(mb.imagePath)).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(session).To(Exit(0))
+
+		set := setMachine{}
+		setSession, err := mb.setName(name).setCmd(set.withRootful(true)).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(setSession).To(Exit(0))
+
+		s := new(startMachine)
+		startSession, err := mb.setCmd(s).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(startSession).To(Exit(0))
+
+		ssh2 := sshMachine{}
+		sshSession2, err := mb.setName(name).setCmd(ssh2.withSSHCommand([]string{"readlink /var/run/docker.sock"})).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(sshSession2).To(Exit(0))
+		output := strings.TrimSpace(sshSession2.outputToString())
+		Expect(output).To(Equal("/run/podman/podman.sock"))
+	})
 })

pkg/machine/hyperv/machine.go

@@ -20,6 +20,7 @@ import (
 	"github.com/containers/podman/v4/pkg/machine"
 	"github.com/containers/podman/v4/utils"
 	"github.com/containers/storage/pkg/homedir"
+	"github.com/containers/storage/pkg/ioutils"
 	"github.com/docker/go-units"
 	"github.com/sirupsen/logrus"
 )
@@ -154,11 +155,7 @@ func (m *HyperVMachine) Init(opts machine.InitOptions) (bool, error) {
 	}
 
 	// Write the JSON file for the second time.  First time was in NewMachine
-	b, err := json.MarshalIndent(m, "", " ")
-	if err != nil {
-		return false, err
-	}
-	if err := os.WriteFile(m.ConfigPath.GetPath(), b, 0644); err != nil {
+	if err := m.writeConfig(); err != nil {
 		return false, err
 	}
 
@@ -391,7 +388,11 @@ func (m *HyperVMachine) Set(name string, opts machine.SetOptions) ([]error, erro
 	}
 
 	if opts.Rootful != nil && m.Rootful != *opts.Rootful {
-		setErrors = append(setErrors, hypervctl.ErrNotImplemented)
+		if err := m.setRootful(*opts.Rootful); err != nil {
+			setErrors = append(setErrors, fmt.Errorf("failed to set rootful option: %w", err))
+		} else {
+			m.Rootful = *opts.Rootful
+		}
 	}
 	if opts.DiskSize != nil && m.DiskSize != *opts.DiskSize {
 		setErrors = append(setErrors, hypervctl.ErrNotImplemented)
@@ -405,38 +406,31 @@ func (m *HyperVMachine) Set(name string, opts machine.SetOptions) ([]error, erro
 		memoryChanged = true
 	}
 
-	if !cpuChanged && !memoryChanged {
-		switch len(setErrors) {
-		case 0:
-			return nil, nil
-		case 1:
-			return nil, setErrors[0]
-		default:
-			return setErrors[1:], setErrors[0]
+	if cpuChanged || memoryChanged {
+		err := vm.UpdateProcessorMemSettings(func(ps *hypervctl.ProcessorSettings) {
+			if cpuChanged {
+				ps.VirtualQuantity = m.CPUs
+			}
+		}, func(ms *hypervctl.MemorySettings) {
+			if memoryChanged {
+				ms.DynamicMemoryEnabled = false
+				ms.VirtualQuantity = m.Memory
+				ms.Limit = m.Memory
+				ms.Reservation = m.Memory
+			}
+		})
+		if err != nil {
+			setErrors = append(setErrors, err)
 		}
 	}
-	// Write the new JSON out
-	// considering this a hard return if we cannot write the JSON file.
-	b, err := json.MarshalIndent(m, "", " ")
-	if err != nil {
-		return setErrors, err
-	}
-	if err := os.WriteFile(m.ConfigPath.GetPath(), b, 0644); err != nil {
-		return setErrors, err
+
+	if len(setErrors) > 0 {
+		return setErrors, setErrors[0]
 	}
 
-	return setErrors, vm.UpdateProcessorMemSettings(func(ps *hypervctl.ProcessorSettings) {
-		if cpuChanged {
-			ps.VirtualQuantity = m.CPUs
-		}
-	}, func(ms *hypervctl.MemorySettings) {
-		if memoryChanged {
-			ms.DynamicMemoryEnabled = false
-			ms.VirtualQuantity = m.Memory
-			ms.Limit = m.Memory
-			ms.Reservation = m.Memory
-		}
-	})
+	// Write the new JSON out
+	// considering this a hard return if we cannot write the JSON file.
+	return setErrors, m.writeConfig()
 }
 
 func (m *HyperVMachine) SSH(name string, opts machine.SSHOptions) error {
@@ -472,7 +466,20 @@ func (m *HyperVMachine) Start(name string, opts machine.StartOptions) error {
 		return err
 	}
 	// Wait on notification from the guest
-	return m.ReadyHVSock.Listen()
+	if err := m.ReadyHVSock.Listen(); err != nil {
+		return err
+	}
+
+	if m.HostUser.Modified {
+		if machine.UpdatePodmanDockerSockService(m, name, m.UID, m.Rootful) == nil {
+			// Reset modification state if there are no errors, otherwise ignore errors
+			// which are already logged
+			m.HostUser.Modified = false
+			_ = m.writeConfig()
+		}
+	}
+
+	return nil
 }
 
 func (m *HyperVMachine) State(_ bool) (machine.Status, error) {
@@ -661,3 +668,44 @@ func (m *HyperVMachine) forwardSocketPath() (*machine.VMFile, error) {
 	}
 	return machine.NewMachineFile(filepath.Join(path, sockName), &sockName)
 }
+
+func (m *HyperVMachine) writeConfig() error {
+	// Write the JSON file
+	opts := &ioutils.AtomicFileWriterOptions{ExplicitCommit: true}
+	w, err := ioutils.NewAtomicFileWriterWithOpts(m.ConfigPath.GetPath(), 0644, opts)
+	if err != nil {
+		return err
+	}
+	defer w.Close()
+
+	enc := json.NewEncoder(w)
+	enc.SetIndent("", " ")
+
+	if err := enc.Encode(m); err != nil {
+		return err
+	}
+
+	// Commit the changes to disk if no errors
+	return w.Commit()
+}
+
+func (m *HyperVMachine) setRootful(rootful bool) error {
+	changeCon, err := machine.AnyConnectionDefault(m.Name, m.Name+"-root")
+	if err != nil {
+		return err
+	}
+
+	if changeCon {
+		newDefault := m.Name
+		if rootful {
+			newDefault += "-root"
+		}
+		err := machine.ChangeDefault(newDefault)
+		if err != nil {
+			return err
+		}
+	}
+
+	m.HostUser.Modified = true
+	return nil
+}