rootless: propagate errors from GetRootlessRuntimeDir()

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

cmd/podman/libpodruntime/runtime.go

@@ -24,7 +24,11 @@ func GetRuntime(c *cli.Context) (*libpod.Runtime, error) {
 func GetRootlessStorageOpts() (storage.StoreOptions, error) {
 	var opts storage.StoreOptions
 
-	opts.RunRoot = filepath.Join(libpod.GetRootlessRuntimeDir(), "run")
+	rootlessRuntime, err := libpod.GetRootlessRuntimeDir()
+	if err != nil {
+		return opts, err
+	}
+	opts.RunRoot = filepath.Join(rootlessRuntime, "run")
 
 	dataDir := os.Getenv("XDG_DATA_HOME")
 	if dataDir == "" {

libpod/oci.go

@@ -180,6 +180,11 @@ func waitPidsStop(pids []int, timeout time.Duration) error {
 func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (err error) {
 	var stderrBuf bytes.Buffer
 
+	runtimeDir, err := GetRootlessRuntimeDir()
+	if err != nil {
+		return err
+	}
+
 	parentPipe, childPipe, err := newPipe()
 	if err != nil {
 		return errors.Wrapf(err, "error creating socket pair")
@@ -253,7 +258,7 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er
 	// 0, 1 and 2 are stdin, stdout and stderr
 	cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_STARTPIPE=%d", 4))
-	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", GetRootlessRuntimeDir()))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
 	if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
 		cmd.Env = append(cmd.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
 	}
@@ -362,11 +367,16 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er
 func (r *OCIRuntime) updateContainerStatus(ctr *Container) error {
 	state := new(spec.State)
 
+	runtimeDir, err := GetRootlessRuntimeDir()
+	if err != nil {
+		return err
+	}
+
 	// Store old state so we know if we were already stopped
 	oldState := ctr.state.State
 
 	cmd := exec.Command(r.path, "state", ctr.ID())
-	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", GetRootlessRuntimeDir()))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
 
 	out, err := cmd.CombinedOutput()
 	if err != nil {
@@ -556,6 +566,11 @@ func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty
 		return nil, errors.Wrapf(ErrEmptyID, "must provide a session ID for exec")
 	}
 
+	runtimeDir, err := GetRootlessRuntimeDir()
+	if err != nil {
+		return nil, err
+	}
+
 	args := []string{}
 
 	// TODO - should we maintain separate logpaths for exec sessions?
@@ -597,7 +612,7 @@ func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty
 	execCmd.Stdout = os.Stdout
 	execCmd.Stderr = os.Stderr
 	execCmd.Stdin = os.Stdin
-	execCmd.Env = append(execCmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", GetRootlessRuntimeDir()))
+	execCmd.Env = append(execCmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
 	return execCmd, nil
 }
 

libpod/runtime.go

@@ -167,7 +167,7 @@ var (
 		CgroupManager: CgroupfsCgroupsManager,
 		HooksDir:      hooks.DefaultDir,
 		StaticDir:     filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
-		TmpDir:        getDefaultTmpDir(),
+		TmpDir:        "",
 		MaxLogSize:    -1,
 		NoPivotRoot:   false,
 		CNIConfigDir:  "/etc/cni/net.d/",
@@ -176,7 +176,7 @@ var (
 )
 
 // GetRootlessRuntimeDir returns the runtime directory when running as non root
-func GetRootlessRuntimeDir() string {
+func GetRootlessRuntimeDir() (string, error) {
 	runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
 	uid := fmt.Sprintf("%d", rootless.GetRootlessUID())
 	if runtimeDir == "" {
@@ -196,18 +196,29 @@ func GetRootlessRuntimeDir() string {
 		}
 	}
 	if runtimeDir == "" {
-		runtimeDir = filepath.Join(os.Getenv("HOME"), "rundir")
+		home := os.Getenv("HOME")
+		if home == "" {
+			return "", fmt.Errorf("neither XDG_RUNTIME_DIR nor HOME was set non-empty")
+		}
+		resolvedHome, err := filepath.EvalSymlinks(home)
+		if err != nil {
+			return "", errors.Wrapf(err, "cannot resolve %s", home)
+		}
+		runtimeDir = filepath.Join(resolvedHome, "rundir")
 	}
-	return runtimeDir
+	return runtimeDir, nil
 }
 
-func getDefaultTmpDir() string {
+func getDefaultTmpDir() (string, error) {
 	if !rootless.IsRootless() {
-		return "/var/run/libpod"
+		return "/var/run/libpod", nil
 	}
 
-	rootlessRuntimeDir := GetRootlessRuntimeDir()
+	rootlessRuntimeDir, err := GetRootlessRuntimeDir()
-	return filepath.Join(rootlessRuntimeDir, "libpod", "tmp")
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(rootlessRuntimeDir, "libpod", "tmp"), nil
 }
 
 // NewRuntime creates a new container runtime
@@ -217,7 +228,12 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
 	runtime.config = new(RuntimeConfig)
 
 	// Copy the default configuration
+	tmpDir, err := getDefaultTmpDir()
+	if err != nil {
+		return nil, err
+	}
 	deepcopier.Copy(defaultRuntimeConfig).To(runtime.config)
+	runtime.config.TmpDir = tmpDir
 
 	configPath := ConfigPath
 	foundConfig := true
@@ -227,9 +243,14 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
 			foundConfig = false
 		}
 
+		runtimeDir, err := GetRootlessRuntimeDir()
+		if err != nil {
+			return nil, err
+		}
+
 		// containers/image uses XDG_RUNTIME_DIR to locate the auth file.
 		// So make sure the env variable is set.
-		err = os.Setenv("XDG_RUNTIME_DIR", GetRootlessRuntimeDir())
+		err = os.Setenv("XDG_RUNTIME_DIR", runtimeDir)
 		if err != nil {
 			return nil, errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR")
 		}