rootless netns: eval symlink for XDG_RUNTIME_DIR

When we bind mount the old XDG_RUNTIME_DIR to the new fake /run it will cause issues when the XDG_RUNTIME_DIR is a symlink since they do not exists in the new path hierarchy. To fix this we can just follow the symlink before we try to use the path. Fixes containers#14606 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Luap99 · Jun 20, 2022 · 6e37c47 · 6e37c47
1 parent 55052c6
commit 6e37c47
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
@@ -134,6 +134,12 @@ func (r *RootlessNetNS) Do(toRun func() error) error {
 		if err != nil {
 			return errors.Wrap(err, "could not get runtime directory")
 		}
+		// eval symlinks since they may not exists in the new path: https://github.com/containers/podman/issues/14606
+		xdgRuntimeDir, err = filepath.EvalSymlinks(xdgRuntimeDir)
+		if err != nil {
+			return err
+		}
+
 		newXDGRuntimeDir := r.getPath(xdgRuntimeDir)
 		// 1. Mount the netns into the new run to keep them accessible.
 		// Otherwise cni setup will fail because it cannot access the netns files.
@@ -398,6 +404,11 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 	if err != nil {
 		return nil, err
 	}
+	// eval symlinks since they may not exists in the new path: https://github.com/containers/podman/issues/14606
+	nsDir, err = filepath.EvalSymlinks(nsDir)
+	if err != nil {
+		return nil, err
+	}
 
 	// create a hash from the static dir
 	// the cleanup will check if there are running containers

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -754,4 +754,22 @@ EOF
     done
 }
 
+@test "podman rootless netns work with symlink" {
+    is_rootless || skip "only meaningful for rootless"
+    if ! readlink /var/run; then
+        skip "/var/run is not a symlink: cannot test this bug"
+    fi
+    NEW_XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR
+    if [[ "${XDG_RUNTIME_DIR:0:8}" != "/var/run" ]]; then
+        if [[ "${XDG_RUNTIME_DIR:0:4}" != "/run" ]]; then
+            skip "XDG_RUNTIME_DIR: \"$XDG_RUNTIME_DIR\" does not point to /run/...: cannot test this bug"
+        fi
+        NEW_XDG_RUNTIME_DIR="/var$XDG_RUNTIME_DIR"
+    fi
+
+    # NOTE: the --root/--runroot are required to force a new boltdb and not reuse old chached paths
+    XDG_RUNTIME_DIR="$NEW_XDG_RUNTIME_DIR" run_podman --root $PODMAN_TMPDIR/root --runroot $PODMAN_TMPDIR/runroot unshare --rootless-netns ip a
+    is "$output" ".*tap0.*" "slirp4netns interface exists in netns"
+}
+
 # vim: filetype=sh