opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-04 04:56:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/pkg/util/utils_supported.go
Jonathan Dieter b3014c1c69 Return empty runtime directory if we're not rootless 
Currently, we return a runtime directory of the form
`/run/user/<uid>`, even when running as root.  Depending on configuration,
that directory may be deleted when the user logs out, which is quite
awkward when the container is started as a systemd service and then
someone logs in and out as root.

This patch fixes the problem by returning an empty runtime directory if the
container is being started by root.  The runtime should automatically use
the default runtime directory (`/run/crun` when crun is used), which should
be accessible to root.

Tested in Fedora 31 by running containers under both root and a regular
user.  State for root containers is stored in `/run/crun`, while state for
rootless containers is in `/run/user/<uid>/crun`.

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
2019-12-07 14:18:55 +00:00

113 lines
3.1 KiB
Go
Raw Blame History

// +build linux darwin
package util
// TODO once rootless function is consolidated under libpod, we
// should work to take darwin from this
import (
"fmt"
"os"
"path/filepath"
"syscall"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
// GetRuntimeDir returns the runtime directory
func GetRuntimeDir() (string, error) {
var rootlessRuntimeDirError error
if !rootless.IsRootless() {
return "", nil
}
rootlessRuntimeDirOnce.Do(func() {
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
uid := fmt.Sprintf("%d", rootless.GetRootlessUID())
if runtimeDir == "" {
tmpDir := filepath.Join("/run", "user", uid)
if err := os.MkdirAll(tmpDir, 0700); err != nil {
logrus.Debugf("unable to make temp dir %s", tmpDir)
}
st, err := os.Stat(tmpDir)
if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
runtimeDir = tmpDir
}
}
if runtimeDir == "" {
tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("run-%s", uid))
if err := os.MkdirAll(tmpDir, 0700); err != nil {
logrus.Debugf("unable to make temp dir %s", tmpDir)
}
st, err := os.Stat(tmpDir)
if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
runtimeDir = tmpDir
}
}
if runtimeDir == "" {
home := os.Getenv("HOME")
if home == "" {
rootlessRuntimeDirError = fmt.Errorf("neither XDG_RUNTIME_DIR nor HOME was set non-empty")
return
}
resolvedHome, err := filepath.EvalSymlinks(home)
if err != nil {
rootlessRuntimeDirError = errors.Wrapf(err, "cannot resolve %s", home)
return
}
runtimeDir = filepath.Join(resolvedHome, "rundir")
}
rootlessRuntimeDir = runtimeDir
})
if rootlessRuntimeDirError != nil {
return "", rootlessRuntimeDirError
}
return rootlessRuntimeDir, nil
}
// GetRootlessConfigHomeDir returns the config home directory when running as non root
func GetRootlessConfigHomeDir() (string, error) {
var rootlessConfigHomeDirError error
rootlessConfigHomeDirOnce.Do(func() {
cfgHomeDir := os.Getenv("XDG_CONFIG_HOME")
if cfgHomeDir == "" {
home := os.Getenv("HOME")
resolvedHome, err := filepath.EvalSymlinks(home)
if err != nil {
rootlessConfigHomeDirError = errors.Wrapf(err, "cannot resolve %s", home)
return
}
tmpDir := filepath.Join(resolvedHome, ".config")
if err := os.MkdirAll(tmpDir, 0755); err != nil {
logrus.Errorf("unable to make temp dir %s", tmpDir)
}
st, err := os.Stat(tmpDir)
if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() >= 0700 {
cfgHomeDir = tmpDir
}
}
rootlessConfigHomeDir = cfgHomeDir
})
if rootlessConfigHomeDirError != nil {
return "", rootlessConfigHomeDirError
}
return rootlessConfigHomeDir, nil
}
// GetRootlessPauseProcessPidPath returns the path to the file that holds the pid for
// the pause process
func GetRootlessPauseProcessPidPath() (string, error) {
runtimeDir, err := GetRuntimeDir()
if err != nil {
return "", err
}
return filepath.Join(runtimeDir, "libpod", "pause.pid"), nil
}
Reference in New Issue View Git Blame Copy Permalink