From f5c3395528861e11b7e3df65c48ed7ab939db741 Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Mon, 20 Jun 2022 16:02:08 +0200
Subject: [PATCH] rootless netns: eval symlink for XDG_RUNTIME_DIR

When we bind mount the old XDG_RUNTIME_DIR to the new fake /run it will cause issues when the XDG_RUNTIME_DIR is a symlink since they do not exists in the new path hierarchy. To fix this we can just follow the symlink before we try to use the path. This fix is kinda ugly, our XDG_RUNTIME_DIR code is all over the place. We should work on consolidating this sooner than later.
Fixes #14606
Signed-off-by: Paul Holzinger
---
 libpod/networking_linux.go | 2 +-
 libpod/runtime.go | 12 +++---------
 pkg/util/utils_supported.go | 5 +++++
 test/system/500-networking.bats | 19 +++++++++++++++++++
 4 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index a83423c9f23d..c3e6ccf648ca 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -26,12 +26,12 @@ import (
 "github.com/containers/common/pkg/config"
 "github.com/containers/common/pkg/machine"
 "github.com/containers/common/pkg/netns"
- "github.com/containers/common/pkg/util"
 "github.com/containers/podman/v4/libpod/define"
 "github.com/containers/podman/v4/libpod/events"
 "github.com/containers/podman/v4/pkg/errorhandling"
 "github.com/containers/podman/v4/pkg/namespaces"
 "github.com/containers/podman/v4/pkg/rootless"
+ "github.com/containers/podman/v4/pkg/util"
 "github.com/containers/podman/v4/utils"
 "github.com/containers/storage/pkg/lockfile"
 "github.com/opencontainers/runtime-spec/specs-go"
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 11ec750b171b..8208990caebb 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -135,15 +135,9 @@ func SetXdgDirs() error {
 return nil
 }
- // Set up XDG_RUNTIME_DIR
- runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
-
- if runtimeDir == "" {
- var err error
- runtimeDir, err = util.GetRuntimeDir()
- if err != nil {
- return err
- }
+ runtimeDir, err := util.GetRuntimeDir()
+ if err != nil {
+ return err
 }
 if err := os.Setenv("XDG_RUNTIME_DIR", runtimeDir); err != nil {
 return errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR")
diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go
index 50e4b1b7b170..d99f3403099c 100644
--- a/pkg/util/utils_supported.go
+++ b/pkg/util/utils_supported.go
@@ -61,6 +61,11 @@ func GetRuntimeDir() (string, error) {
 }
 runtimeDir = filepath.Join(resolvedHome, "rundir")
 }
+ runtimeDir, err := filepath.EvalSymlinks(runtimeDir)
+ if err != nil {
+ rootlessRuntimeDirError = fmt.Errorf("cannot resolve runtime dir: %w", err)
+ return
+ }
 rootlessRuntimeDir = runtimeDir
 })
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index fb785177cd54..a375405f5e84 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -754,4 +754,23 @@ EOF
 done
 }
+@test "podman rootless netns work with symlink" {
+ # regression test for https://github.com/containers/podman/issues/14606
+ is_rootless || skip "only meaningful for rootless"
+ if ! readlink /var/run; then
+ skip "/var/run is not a symlink: cannot test this bug"
+ fi
+ NEW_XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR
+ if [[ "${XDG_RUNTIME_DIR:0:8}" != "/var/run" ]]; then
+ if [[ "${XDG_RUNTIME_DIR:0:4}" != "/run" ]]; then
+ skip "XDG_RUNTIME_DIR: \"$XDG_RUNTIME_DIR\" does not point to /run/...: cannot test this bug"
+ fi
+ NEW_XDG_RUNTIME_DIR="/var$XDG_RUNTIME_DIR"
+ fi
+
+ # This only failed with netavark, CNI already worked before the fix.
+ XDG_RUNTIME_DIR="$NEW_XDG_RUNTIME_DIR" run_podman run --network bridge --rm $IMAGE ip a
+ is "$output" ".*eth0.*" "container interface exists in netns"
+}
+
 # vim: filetype=sh
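Review bot: In SetXdgDirs (libpod/runtime.go) the removed `// Set up XDG_RUNTIME_DIR` comment is not replaced, and the new lines overwrite a value the user exported with whatever `util.GetRuntimeDir()` returns, which after this commit is a symlink-resolved path. Child processes that read the variable will see that change, so it deserves a comment such as `// Always export the symlink-resolved runtime dir; the rootless netns bind-mounts this path under a new /run.` The bare `return err` also carries less context than the `errors.Wrapf` used two lines below; `return errors.Wrapf(err, "cannot determine XDG_RUNTIME_DIR")` would match it. SetXdgDirs starts and ends outside the hunk, and whether GetRuntimeDir itself consults the environment variable first is not visible here.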
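Review bot: In GetRuntimeDir (pkg/util/utils_supported.go) the new `filepath.EvalSymlinks` call turns a directory that does not exist yet into a hard error, and the `rundir` fallback on the line just above is only a joined path that nothing in the hunk creates. The failure is stored in `rootlessRuntimeDirError` inside what looks like a run-once closure, so it would presumably persist for the life of the process. Resolving into a separate variable and keeping the unresolved path when the target is missing preserves the earlier behaviour for that case. Because the starting value can come from the environment, any ownership or permission check on the runtime directory should be applied to the resolved target rather than to the link; the top of the function is outside the hunk, so whether such a check exists cannot be confirmed here.

```go
// … unchanged: runtimeDir selection, ending with the rundir fallback …
resolved, err := filepath.EvalSymlinks(runtimeDir)
switch {
case err == nil:
	runtimeDir = resolved
case !os.IsNotExist(err):
	rootlessRuntimeDirError = fmt.Errorf("cannot resolve runtime dir %q: %w", runtimeDir, err)
	return
}
rootlessRuntimeDir = runtimeDir
```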
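Review bot: In the new test in test/system/500-networking.bats the `readlink /var/run` guard only proves that /var/run is a symlink, not that it points at /run, yet the test then builds `NEW_XDG_RUNTIME_DIR="/var$XDG_RUNTIME_DIR"` on that assumption. On a host where the link targets something else the run would fail for a reason unrelated to the regression. Comparing the resolved target, `[[ "$(readlink -f /var/run)" == "/run" ]] || skip "/var/run does not resolve to /run"`, makes the precondition explicit and also keeps the link target out of the test output. The prefix tests on `${XDG_RUNTIME_DIR:0:8}` and `${XDG_RUNTIME_DIR:0:4}` accept sibling paths such as `/runner/...` as well; matching `/run/` with its trailing slash would be stricter.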