rootless netns: eval symlink for XDG_RUNTIME_DIR

When we bind mount the old XDG_RUNTIME_DIR to the new fake /run it will cause issues when the XDG_RUNTIME_DIR is a symlink since they do not exists in the new path hierarchy. To fix this we can just follow the symlink before we try to use the path. This fix is kinda ugly, our XDG_RUNTIME_DIR code is all over the place. We should work on consolidating this sooner than later. Fixes containers#14606 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Luap99 · Jun 27, 2022 · adda5fc · adda5fc
1 parent 3176b3f
commit adda5fc
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 10 deletions.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
@@ -26,12 +26,12 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/machine"
 	"github.com/containers/common/pkg/netns"
-	"github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/errorhandling"
 	"github.com/containers/podman/v4/pkg/namespaces"
 	"github.com/containers/podman/v4/pkg/rootless"
+	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/podman/v4/utils"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/opencontainers/runtime-spec/specs-go"
@@ -134,6 +134,7 @@ func (r *RootlessNetNS) Do(toRun func() error) error {
 		if err != nil {
 			return errors.Wrap(err, "could not get runtime directory")
 		}
+
 		newXDGRuntimeDir := r.getPath(xdgRuntimeDir)
 		// 1. Mount the netns into the new run to keep them accessible.
 		// Otherwise cni setup will fail because it cannot access the netns files.

diff --git a/libpod/runtime.go b/libpod/runtime.go
@@ -135,15 +135,9 @@ func SetXdgDirs() error {
 		return nil
 	}
 
-	// Set up XDG_RUNTIME_DIR
-	runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
-
-	if runtimeDir == "" {
-		var err error
-		runtimeDir, err = util.GetRuntimeDir()
-		if err != nil {
-			return err
-		}
+	runtimeDir, err := util.GetRuntimeDir()
+	if err != nil {
+		return err
 	}
 	if err := os.Setenv("XDG_RUNTIME_DIR", runtimeDir); err != nil {
 		return errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR")

diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go
@@ -61,6 +61,11 @@ func GetRuntimeDir() (string, error) {
 			}
 			runtimeDir = filepath.Join(resolvedHome, "rundir")
 		}
+		runtimeDir, err := filepath.EvalSymlinks(runtimeDir)
+		if err != nil {
+			rootlessRuntimeDirError = fmt.Errorf("cannot resolve runtime dir: %w", err)
+			return
+		}
 		rootlessRuntimeDir = runtimeDir
 	})
 

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -754,4 +754,23 @@ EOF
     done
 }
 
+@test "podman rootless netns work with symlink" {
+    # regression test for https://github.com/containers/podman/issues/14606
+    is_rootless || skip "only meaningful for rootless"
+    if ! readlink /var/run; then
+        skip "/var/run is not a symlink: cannot test this bug"
+    fi
+    NEW_XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR
+    if [[ "${XDG_RUNTIME_DIR:0:8}" != "/var/run" ]]; then
+        if [[ "${XDG_RUNTIME_DIR:0:4}" != "/run" ]]; then
+            skip "XDG_RUNTIME_DIR: \"$XDG_RUNTIME_DIR\" does not point to /run/...: cannot test this bug"
+        fi
+        NEW_XDG_RUNTIME_DIR="/var$XDG_RUNTIME_DIR"
+    fi
+
+    # This only failed with netavark, CNI already worked before the fix.
+    XDG_RUNTIME_DIR="$NEW_XDG_RUNTIME_DIR" run_podman run --network bridge --rm $IMAGE ip a
+    is "$output" ".*eth0.*" "container interface exists in netns"
+}
+
 # vim: filetype=sh