Eval symlinks on XDG_RUNTIME_DIR

Partial Fix for containers#14606 [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan · Sep 23, 2022 · d91fe0e · d91fe0e
1 parent 0899351
commit d91fe0e
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 6 deletions.
diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go
@@ -103,7 +103,11 @@ func setXdgDirs() error {
 	}
 
 	if _, found := os.LookupEnv("DBUS_SESSION_BUS_ADDRESS"); !found {
-		sessionAddr := filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "bus")
+		runtimeDir, err := filepath.EvalSymlinks(os.Getenv("XDG_RUNTIME_DIR"))
+		if err != nil {
+			return err
+		}
+		sessionAddr := filepath.Join(runtimeDir, "bus")
 		if _, err := os.Stat(sessionAddr); err == nil {
 			os.Setenv("DBUS_SESSION_BUS_ADDRESS", "unix:path="+sessionAddr)
 		}

diff --git a/libpod/reset.go b/libpod/reset.go
@@ -157,7 +157,10 @@ func (r *Runtime) reset(ctx context.Context) error {
 		}
 	}
 
-	xdgRuntimeDir := filepath.Clean(os.Getenv("XDG_RUNTIME_DIR"))
+	xdgRuntimeDir, err := filepath.EvalSymlinks(os.Getenv("XDG_RUNTIME_DIR"))
+	if err != nil {
+		return err
+	}
 	_, prevError := r.store.Shutdown(true)
 	graphRoot := filepath.Clean(r.store.GraphRoot())
 	if graphRoot == xdgRuntimeDir {

diff --git a/libpod/runtime.go b/libpod/runtime.go
@@ -129,7 +129,10 @@ func SetXdgDirs() error {
 	}
 
 	// Set up XDG_RUNTIME_DIR
-	runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+	runtimeDir, err := filepath.EvalSymlinks(os.Getenv("XDG_RUNTIME_DIR"))
+	if err != nil {
+		return err
+	}
 
 	if runtimeDir == "" {
 		var err error

diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
@@ -359,7 +359,8 @@ static void __attribute__((constructor)) init()
 
   /* Shortcut.  If we are able to join the pause pid file, do it now so we don't
      need to re-exec.  */
-  xdg_runtime_dir = getenv ("XDG_RUNTIME_DIR");
+    char path[PATH_MAX];
+    xdg_runtime_dir = realpath(getenv ("XDG_RUNTIME_DIR"), path);
   if (geteuid () != 0 && xdg_runtime_dir && xdg_runtime_dir[0] && can_use_shortcut ())
     {
       cleanup_free char *cwd = NULL;

diff --git a/pkg/systemd/dbus.go b/pkg/systemd/dbus.go
@@ -129,7 +129,10 @@ func dbusAuthRootlessConnection(createBus func(opts ...godbus.ConnOption) (*godb
 func newRootlessConnection() (*dbus.Conn, error) {
 	return dbus.NewConnection(func() (*godbus.Conn, error) {
 		return dbusAuthRootlessConnection(func(opts ...godbus.ConnOption) (*godbus.Conn, error) {
-			path := filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "systemd/private")
+			path, err := filepath.EvalSymlinks(filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "systemd/private"))
+			if err != nil {
+				return nil, err
+			}
 			return godbus.Dial(fmt.Sprintf("unix:path=%s", path))
 		})
 	})

diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go
@@ -26,7 +26,10 @@ func GetRuntimeDir() (string, error) {
 	}
 
 	rootlessRuntimeDirOnce.Do(func() {
-		runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+		runtimeDir, err := filepath.EvalSymlinks(os.Getenv("XDG_RUNTIME_DIR"))
+		if err != nil {
+			logrus.Debug(err)
+		}
 		uid := fmt.Sprintf("%d", rootless.GetRootlessUID())
 		if runtimeDir == "" {
 			tmpDir := filepath.Join("/run", "user", uid)