Colima using global tmp preventing vm start-up in multi user usage when using --vm-type=vz

[zavierboyd]

Description

Colima has problems with using /tmp/colima or /tmp/colima-<profile> when used in a multi user context
Specifically when 2 users run colima start separately one users container will not be able to access /tmp/colima as that folder is owned by another user. When the vm-type is qemu this error is ignored and colima continues with the --very-verbose log containing this:

> [hostagent] The essential requirement 4 of 4 is satisfied
> [hostagent] Mounting "/Users/<userb>" on "/Users/<userb>"
> [hostagent] Mounting "/tmp/colima" on "/tmp/colima"
> [hostagent] chdir to "/tmp/colima" failed: Permission denied
> [hostagent] Waiting for the guest agent to be running

When the vm-type is vz this creates a full exception with an error line of:

{"level":"fatal","msg":"Error Domain=VZErrorDomain Code=2 Description=\"Invalid virtual machine configuration. A directory sharing device configuration is invalid.\" UserInfo={\n    NSLocalizedFailure = \"Invalid virtual machine configuration.\";\n    NSLocalizedFailureReason = \"A directory sharing device configuration is invalid.\";\n    NSUnderlyingError = \"Error Domain=NSPOSIXErrorDomain Code=13 \\\"Permission denied\\\"\";\n}","time":"2024-02-27T15:25:16+13:00"}

and fails to start up

---

This seems to only happen when the /tmp/colima dir is initially created by --vm-type=vz where the dir has rwxr-x--- (750) perms vs rwxr-xr-x (755) perms when created by --vm-type=qemu as --vm-type=vz in other logins can still use that dir.

Version

originally found on:
colima version 0.6.7
git commit: ba1be00
limactl version 0.19.0
qemu-img version 8.2.0
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

Also tested on:
colima version 0.6.8
git commit: 9b0809d
limactl version 0.19.1
qemu-img version 8.2.1
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers

Operating System

• macOS Intel <= 13 (Ventura)
• macOS Intel >= 14 (Sonoma)
• Apple Silicon <= 13 (Ventura)
• Apple Silicon >= 14 (Sonoma)
• Linux

Output of colima status

colima doesn't start running on vz. All examples were run with --network-address
It appears to be a non-problem with qemu as I successfully ran the hello-world docker image with the permission denied.

Reproduction Steps

Start from clean state. Delete the /tmp/colima* dirs

1. run colima start --vm-type=vz in userA
2. run colima stop in userA
3. log in to userB
4. run colima start --vm-type=vz in userB

outcome: colima fails to run with an error of

{"level":"fatal","msg":"Error Domain=VZErrorDomain Code=2 Description=\"Invalid virtual machine configuration. A directory sharing device configuration is invalid.\" UserInfo={\n    NSLocalizedFailure = \"Invalid virtual machine configuration.\";\n    NSLocalizedFailureReason = \"A directory sharing device configuration is invalid.\";\n    NSUnderlyingError = \"Error Domain=NSPOSIXErrorDomain Code=13 \\\"Permission denied\\\"\";\n}","time":"2024-02-27T15:25:16+13:00"}

in the ha_stderr.log

the /tmp/colima folder will have permissions of userA wheel rwxr-x---

---

Start from clean state. Delete the /tmp/colima* dirs

1. run colima start --vm-type=qemu in userA
2. run colima stop in userA
3. log in to userB
4. run colima start --vm-type=vz in userB
   outcome: colima runs correctly and can run the hello-world docker image

the /tmp/colima folder will have permissions of userA wheel rwxr-xr-x

Expected behaviour

Colima should handle the /tmp/colima* directories being owned by other users and be able to start up the container regardless.

Additional context

I have only tested this on Mac M1 Sonoma.
I have installed colima using nix flakes
exact flake urls for colima:
github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932#colima v0.6.7
github:NixOS/nixpkgs/fcea2b6260dd566c28c894b4207a5f2b56c2cba3#colima v0.6.8