fix: Spelling mistake (#1105)

.github/workflows/review.yml

@@ -26,7 +26,7 @@ jobs:
             *.md
             *.sh
           reporter: github-pr-review
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Hadolint
         uses: reviewdog/action-hadolint@v1
@@ -34,28 +34,28 @@ jobs:
           level: warning
           reporter: github-pr-review
           hadolint_ignore: DL3008 DL3003 DL3006 DL3013
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
       -
         name: YamlLint
         uses: reviewdog/action-yamllint@v1
         with:
           level: warning
           reporter: github-pr-review
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
       -
         name: ActionLint
         uses: reviewdog/action-actionlint@v1
         with:
           level: warning
           reporter: github-pr-review
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Shellformat
         uses: reviewdog/action-shfmt@v1
         with:
           level: warning
           shfmt_flags: "-i 2 -ci -bn"
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Shellcheck
         uses: reviewdog/action-shellcheck@v1
@@ -63,4 +63,4 @@ jobs:
           level: warning
           reporter: github-pr-review
           shellcheck_flags: -x -e SC2001 -e SC2034 -e SC2064 -e SC2317 -e SC2153 -e SC2028          
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}

src/disk.sh

@@ -346,7 +346,7 @@ checkFS () {
   DIR=$(dirname "$DISK_FILE")
   [ ! -d "$DIR" ] && return 0
 
-  if [[ "${FS,,}" == "overlay"* && "$PODMAN" != [Yy1]* ]]; then
+  if [[ "${FS,,}" == "overlay"* && "${ENGINE,,}" == "docker" ]]; then
     warn "the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
   fi
 

src/install.sh

@@ -80,7 +80,7 @@ rm -f "$STORAGE/$BASE.system.img"
 # Check filesystem
 FS=$(stat -f -c %T "$STORAGE")
 
-if [[ "${FS,,}" == "overlay"* && "$PODMAN" != [Yy1]* ]]; then
+if [[ "${FS,,}" == "overlay"* && "${ENGINE,,}" == "docker" ]]; then
   warn "the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!"
 fi
 

src/network.sh

@@ -309,7 +309,7 @@ configurePasst() {
   NETWORK="passt"
   [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring user-mode networking..."
 
-  local log="/var/log/passt.log"
+  local log="/tmp/passt.log"
   rm -f "$log"
 
   local pid="/var/run/dnsmasq.pid"
@@ -346,13 +346,7 @@ configurePasst() {
 
   PASST_OPTS+=" -H $VM_NET_HOST"
   PASST_OPTS+=" -M $GATEWAY_MAC"
-
+  PASST_OPTS+=" -P /tmp/passt.pid"
-  local uid gid
-  uid=$(id -u)
-  gid=$(id -g)
-  PASST_OPTS+=" --runas $uid:$gid"
-
-  PASST_OPTS+=" -P /var/run/passt.pid"
   PASST_OPTS+=" -l $log"
   PASST_OPTS+=" -q"
 
@@ -410,7 +404,7 @@ configureNAT() {
   fi
 
   if [ ! -c /dev/net/tun ]; then
-    [[ "$PODMAN" == [Yy1]* ]] && return 1
+    [[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
     warn "$tuntap" && return 1
   fi
 
@@ -418,7 +412,7 @@ configureNAT() {
   if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
     { sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1; rc=$?; } || :
     if (( rc != 0 )) || [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
-      [[ "$PODMAN" == [Yy1]* ]] && return 1
+      [[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
       warn "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1"
       return 1
     fi
@@ -445,7 +439,7 @@ configureNAT() {
   { ip link add dev "$VM_NET_BRIDGE" type bridge ; rc=$?; } || :
 
   if (( rc != 0 )); then
-    [[ "$PODMAN" == [Yy1]* ]] && return 1
+    [[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
     warn "failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && return 1
   fi
 
@@ -460,7 +454,7 @@ configureNAT() {
 
   # QEMU Works with taps, set tap to the bridge created
   if ! ip tuntap add dev "$VM_NET_TAP" mode tap; then
-    [[ "$PODMAN" == [Yy1]* ]] && return 1
+    [[ "$ROOTLESS" == [Yy1]* && "$DEBUG" != [Yy1]* ]] && return 1
     warn "$tuntap" && return 1
   fi
 
@@ -536,11 +530,11 @@ configureNAT() {
 
 closeBridge() {
 
-  local pid="/var/run/dnsmasq.pid"
+  local pid="/tmp/passt.pid"
   [ -s "$pid" ] && pKill "$(<"$pid")"
   rm -f "$pid"
 
-  pid="/var/run/passt.pid"
+  pid="/var/run/dnsmasq.pid"
   [ -s "$pid" ] && pKill "$(<"$pid")"
   rm -f "$pid"
 
@@ -598,8 +592,8 @@ closeNetwork() {
 cleanUp() {
 
   # Clean up old files
+  rm -f /tmp/passt.pid
   rm -f /etc/resolv.dnsmasq
-  rm -f /var/run/passt.pid
   rm -f /var/run/dnsmasq.pid
 
   if [[ -d "/sys/class/net/$VM_NET_TAP" ]]; then
@@ -640,7 +634,7 @@ getInfo() {
     [ -d "/sys/class/net/net1" ] && VM_NET_DEV="net1"
     [ -d "/sys/class/net/net2" ] && VM_NET_DEV="net2"
     [ -d "/sys/class/net/net3" ] && VM_NET_DEV="net3"
-    # Automaticly detect the default network interface
+    # Automatically detect the default network interface
     [ -z "$VM_NET_DEV" ] && VM_NET_DEV=$(awk '$2 == 00000000 { print $1 }' /proc/net/route)
     [ -z "$VM_NET_DEV" ] && VM_NET_DEV="eth0"
   fi
@@ -802,7 +796,7 @@ else
         closeBridge
         NETWORK="user"
 
-        if [[ "$PODMAN" != [Yy1]* ]]; then
+        if [[ "$ROOTLESS" != [Yy1]* || "$DEBUG" == [Yy1]* ]]; then
           msg="falling back to user-mode networking!"
           msg="failed to setup NAT networking, $msg"
           warn "$msg"

src/proc.sh

@@ -33,9 +33,8 @@ if [[ "$KVM" != [Nn]* ]]; then
   KVM_OPTS=",accel=kvm -enable-kvm -global kvm-pit.lost_tick_policy=discard"
 
   if ! grep -qw "sse4_2" <<< "$flags"; then
-    info "Your CPU does not have the SSE4 instruction set that Virtual DSM requires, it will be emulated..."
+    error "Your CPU does not have the SSE4 instruction set that Virtual DSM requires!"
-    [ -z "$CPU_MODEL" ] && CPU_MODEL="qemu64"
+    [[ "$DEBUG" != [Yy1]* ]] && exit 88
-    CPU_FEATURES+=",+ssse3,+sse4.1,+sse4.2"
   fi
 
   if [ -z "$CPU_MODEL" ]; then

src/reset.sh

@@ -24,19 +24,40 @@ trap 'error "Status $? while: $BASH_COMMAND (line $LINENO/$BASH_LINENO)"' ERR
 
 # Helper variables
 
-PODMAN="N"
+ROOTLESS="N"
+PRIVILEGED="N"
 ENGINE="Docker"
 PROCESS="${APP,,}"
 PROCESS="${PROCESS// /-}"
 
 if [ -f "/run/.containerenv" ]; then
-  PODMAN="Y"
+  ENGINE="${container:-}"
+  if [[ "${ENGINE,,}" == *"podman"* ]]; then
+    ROOTLESS="Y"
     ENGINE="Podman"
+  else
+    [ -z "$ENGINE" ] && ENGINE="Kubernetes"
+  fi
 fi
 
 echo "❯ Starting $APP for $ENGINE v$(</run/version)..."
 echo "❯ For support visit $SUPPORT"
 
+# Get the capability bounding set
+CAP_BND=$(grep '^CapBnd:' /proc/$$/status | awk '{print $2}')
+CAP_BND=$(printf "%d" "0x${CAP_BND}")
+
+# Get the last capability number
+LAST_CAP=$(cat /proc/sys/kernel/cap_last_cap)
+
+# Calculate the maximum capability value
+MAX_CAP=$(((1 << (LAST_CAP + 1)) - 1))
+
+if [ "${CAP_BND}" -eq "${MAX_CAP}" ]; then
+  ROOTLESS="N"
+  PRIVILEGED="Y"
+fi
+
 INFO="/run/shm/msg.html"
 PAGE="/run/shm/index.html"
 TEMPLATE="/var/www/index.html"
@@ -166,6 +187,10 @@ if [[ "$KVM" != [Nn]* ]]; then
         if ! grep -qw "vmx\|svm" <<< "$flags"; then
           KVM_ERR="(not enabled in BIOS)"
         fi
+        if ! grep -qw "sse4_2" <<< "$flags"; then
+          error "Your CPU does not have the SSE4 instruction set that Virtual DSM requires!"
+          [[ "$DEBUG" != [Yy1]* ]] && exit 88
+        fi
       fi
     fi
   fi