From 657d65a25fff32d6a74665cf8e9b4580b9c55e5d Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Mon, 20 Jun 2022 16:02:08 +0200
Subject: [PATCH] rootless netns: eval symlink for XDG_RUNTIME_DIR

When we bind mount the old XDG_RUNTIME_DIR to the new fake /run it will cause issues when the XDG_RUNTIME_DIR is a symlink since they do not exists in the new path hierarchie. To fix this we can just follow the symlink before we try to use the path.

Fixes #14606

Signed-off-by: Paul Holzinger
---
libpod/networking_linux.go | 11 +++++++++++
test/system/500-networking.bats | 18 ++++++++++++++++++
2 files changed, 29 insertions(+)

diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index ee80b00fe1e3..0336f08f09e1 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -134,6 +134,12 @@ func (r *RootlessNetNS) Do(toRun func() error) error {
 if err != nil {
 return errors.Wrap(err, "could not get runtime directory")
 }
+ // eval symlinks since they may not exists in the new path: https://github.com/containers/podman/issues/14606
+ xdgRuntimeDir, err = filepath.EvalSymlinks(xdgRuntimeDir)
+ if err != nil {
+ return err
+ }
+
 newXDGRuntimeDir := r.getPath(xdgRuntimeDir)
 // 1. Mount the netns into the new run to keep them accessible.
 // Otherwise cni setup will fail because it cannot access the netns files.
@@ -398,6 +404,11 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 if err != nil {
 return nil, err
 }
+ // eval symlinks since they may not exists in the new path: https://github.com/containers/podman/issues/14606
+ nsDir, err = filepath.EvalSymlinks(nsDir)
+ if err != nil {
+ return nil, err
+ }
 
 // create a hash from the static dir
 // the cleanup will check if there are running containers
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 2ad53620dd33..2f365f051c38 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
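Review bot: The bare `return err` after the new `filepath.EvalSymlinks(xdgRuntimeDir)` call in `Do` drops the call-site context that the `errors.Wrap` three lines above provides, so a dangling or missing runtime directory surfaces as an unattributed lstat error during rootless netns setup; the same applies to the `return nil, err` after `filepath.EvalSymlinks(nsDir)` in the `GetRootlessNetNs` hunk. I would wrap both in the style already used here: `return errors.Wrapf(err, "could not resolve symlinks in runtime directory %q", xdgRuntimeDir)` and `return nil, errors.Wrapf(err, "could not resolve symlinks in netns directory %q", nsDir)`. The comment on both added blocks could also say why the resolved path matters, e.g. `// resolve symlinks first: the bind mount below reproduces the resolved path, not the link, under the new /run`. Both enclosing functions start and end outside their hunks.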
@@ -754,4 +754,22 @@ EOF
 done
 }
 
+@test "podman rootless netns work with symlink" {
+ is_rootless || skip "only meaningful for rootless"
+ if ! readlink /var/run; then
+ skip "/var/run is not a symlink: cannot test this bug"
+ fi
+ NEW_XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR
+ if [[ "${XDG_RUNTIME_DIR:0:8}" != "/var/run" ]]; then
+ if [[ "${XDG_RUNTIME_DIR:0:4}" != "/run" ]]; then
+ skip "XDG_RUNTIME_DIR: \"$XDG_RUNTIME_DIR\" does not point to /run/...: cannot test this bug"
+ fi
+ NEW_XDG_RUNTIME_DIR="/var$XDG_RUNTIME_DIR"
+ fi
+
+ # NOTE: the --root/--runroot are required to force a new boltdb and not reuse old chached paths
+ XDG_RUNTIME_DIR="$NEW_XDG_RUNTIME_DIR" run_podman --root $PODMAN_TMPDIR/root --runroot $PODMAN_TMPDIR/runroot unshare --rootless-netns ip a
+ is "$output" ".*tap0.*" "slirp4netns interface exists in netns"
+}
+
 # vim: filetype=sh
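Review bot: The symlink precondition is tested with `if ! readlink /var/run; then`, which prints the link target to stdout on every run where it is a symlink and only uses the exit status; the shell's own test is quieter and says what is meant: `if [[ ! -L /var/run ]]; then`. A short comment above the prefix checks would help the next reader, e.g. `# build a path that reaches XDG_RUNTIME_DIR through the /var/run symlink so the bind mount in the rootless netns must follow it`. The comment on the run_podman line has a typo, "chached" for "cached".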