rootless cni add /usr/sbin to PATH if not present

The CNI plugins need access to iptables in $PATH. On debian /usr/sbin is not added to $PATH for rootless users. This will break rootless cni completely. To prevent breaking existing users add /usr/sbin to $PATH in podman if needed. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2026-03-13 08:01:19 +08:00 · 2021-04-06 23:39:09 +02:00
parent d83f49ef6b
commit f230214db1
2 changed files with 25 additions and 0 deletions
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -411,6 +411,16 @@ func (r *Runtime) getRootlessCNINetNs(new bool) (*rootlessCNI, error) {
 			}
 		}

+		// The CNI plugins need access to iptables in $PATH. As it turns out debian doesn't put
+		// /usr/sbin in $PATH for rootless users. This will break rootless cni completely.
+		// We might break existing users and we cannot expect everyone to change their $PATH so
+		// lets add /usr/sbin to $PATH ourselves.
+		path = os.Getenv("PATH")
+		if !strings.Contains(path, "/usr/sbin") {
+			path = path + ":/usr/sbin"
+			os.Setenv("PATH", path)
+		}
+
 		rootlessCNINS = &rootlessCNI{
 			ns:   ns,
 			dir:  cniDir,