Fix #10961 NFS sharing in macOS 10.15 host

On OS X 10.15, / is read-only and paths inside of /Users (and elsewhere) are mounted via a "firmlink" (which is a new invention in APFS). These must be resolved to their full path to be shareable via NFS. /Users/johnsmith/mycode => /System/Volumes/Data/Users/johnsmith/mycode We check to see if a path is mounted here with `df`, and prepend it. Firmlinks are only createable by the OS and this wasn't supposed to be visible to applications anyway: https://developer.apple.com/videos/play/wwdc2019/710/?time=481
2019-10-06 00:40:54 -04:00 · 2019-10-06 00:40:54 -04:00 · ae9c3e28d6
parent 72043a8a79
commit ae9c3e28d6
2 changed files with 70 additions and 0 deletions
--- a/plugins/hosts/bsd/cap/nfs.rb
+++ b/plugins/hosts/bsd/cap/nfs.rb
@ -8,6 +8,18 @@ module VagrantPlugins
  module HostBSD
    module Cap
      class NFS
+        # On OS X 10.15, / is read-only and paths inside of /Users (and elsewhere) are mounted
+        # via a "firmlink" (which is a new invention in APFS). These must be resolved to their
+        # full path to be shareable via NFS.
+        # /Users/johnsmith/mycode   becomes   /System/Volumes/Data/Users/johnsmith/mycode
+        # we check to see if a path is mounted here with `df`, and prepend it.
+        #
+        # Firmlinks are only createable by the OS, so a hardcoded path should be fine, until
+        # Apple gets crazier. This wasn't supposed to be visible to applications anyway:
+        # https://developer.apple.com/videos/play/wwdc2019/710/?time=481
+        # see also https://github.com/hashicorp/vagrant/issues/10961
+        OSX_FIRMLINK_HACK = "/System/Volumes/Data"
+
        def self.nfs_export(environment, ui, id, ips, folders)
          nfs_exports_template = environment.host.capability(:nfs_exports_template)
          nfs_restart_command  = environment.host.capability(:nfs_restart_command)
@ -15,6 +27,13 @@ module VagrantPlugins

          nfs_checkexports! if File.file?("/etc/exports")

+          # Check to see if this folder is mounted 1) as APFS and 2) within the /System/Volumes/Data volume
+          # on OS X, which is a read-write "firmlink", and must be prepended so it can be shared via NFS
+          # we also need to directly mutate the :hostpath if we change it, so that it's mounted with the
+          # prefix.
+          logger.debug("Checking to see if NFS exports are in an APFS firmlink...")
+          nfs_check_folders_for_apfs folders
+
          # We need to build up mapping of directories that are enclosed
          # within each other because the exports file has to have subdirectories
          # of an exported directory on the same line. e.g.:
@ -192,6 +211,18 @@ module VagrantPlugins
            raise Vagrant::Errors::NFSBadExports, output: r.stderr
          end
        end
+
+        def self.nfs_check_folders_for_apfs(folders)
+          folders.each do |_, opts|
+            # check to see if this path is mounted in an APFS filesystem, and if it's in the
+            # firmlink which must be prefixed.
+            is_mounted_apfs_command = "df -t apfs #{opts[:hostpath]}"
+            result = Vagrant::Util::Subprocess.execute(*Shellwords.split(is_mounted_apfs_command))
+            if (result.stdout.include? OSX_FIRMLINK_HACK)
+              opts[:hostpath].prepend(OSX_FIRMLINK_HACK)
+            end
+          end
+        end
      end
    end
  end
--- a/test/unit/plugins/hosts/bsd/cap/nfs_test.rb
+++ b/test/unit/plugins/hosts/bsd/cap/nfs_test.rb
@ -0,0 +1,39 @@
+require_relative "../../../../base"
+require_relative "../../../../../../plugins/hosts/bsd/cap/nfs"
+require_relative "../../../../../../lib/vagrant/util"
+
+describe VagrantPlugins::HostBSD::Cap::NFS do
+
+  include_context "unit"
+
+  describe ".nfs_check_folders_for_apfs" do
+    it "should prefix host paths that are mounted in /System/Volumes/Data" do
+      output_from_df = <<-EOH
+Filesystem    512-blocks      Used Available Capacity iused      ifree %iused  Mounted on
+/dev/disk1s1   976490568 392813584 555082648    42% 1177049 4881275791    0%   /System/Volumes/Data
+EOH
+      expect(Vagrant::Util::Subprocess).to receive(:execute).and_return(
+        Vagrant::Util::Subprocess::Result.new(0, output_from_df, "")
+      )
+
+      folders = {"/vagrant"=>{:hostpath=>"/Users/johndoe/vagrant",:bsd__nfs_options=>["rw"]}}
+      described_class.nfs_check_folders_for_apfs(folders)
+      expect(folders["/vagrant"][:hostpath]).to eq("/System/Volumes/Data/Users/johndoe/vagrant")
+    end
+
+    it "should not prefix host paths that are mounted in elsewhere" do
+      output_from_df = <<-EOH
+Filesystem    512-blocks      Used Available Capacity iused      ifree %iused  Mounted on
+/dev/disk1s5   976490568  20634032 554201072     4%  481588 4881971252    0%   /
+EOH
+      expect(Vagrant::Util::Subprocess).to receive(:execute).and_return(
+        Vagrant::Util::Subprocess::Result.new(0, output_from_df, "")
+      )
+
+      folders = {"/vagrant"=>{:hostpath=>"/",:bsd__nfs_options=>["rw"]}}
+      described_class.nfs_check_folders_for_apfs(folders)
+      expect(folders["/vagrant"][:hostpath]).to eq("/")
+    end
+
+  end
+end