Eval symlinks on XDG_RUNTIME_DIR #15918
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
pkg/rootless/rootless_linux.c
Outdated
| @@ -359,7 +359,8 @@ static void __attribute__((constructor)) init() | |||
|
|
|||
| /* Shortcut. If we are able to join the pause pid file, do it now so we don't | |||
| need to re-exec. */ | |||
| xdg_runtime_dir = getenv ("XDG_RUNTIME_DIR"); | |||
| char path[PATH_MAX]; | |||
There was a problem hiding this comment.
Whitespace here looks a bit wierd
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
2 times, most recently
from
936263c to
ae19075
Compare
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
from
ae19075 to
42f4f93
Compare
|
Code LGTM, I'm good to merge whenever the tests start passing |
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
2 times, most recently
from
fcef9f7 to
d9c00f6
Compare
|
@edsantiago Any idea what is breaking the Windows man page generator? I don't see how this PR is causing this error? |
|
The error I see is: The space looks suspicious but I don't know this code and have no idea what it means. Am looking into it now. The other weird thing I see is: I think that's related, because the string |
|
Okay..... there's a weird error involving "bus", and your PR adds the string "bus". I think there's a connection. Maybe |
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
from
d9c00f6 to
7c6bf96
Compare
|
I see your new push but I don't think that's going to fix it: podman/pkg/util/utils_supported.go Lines 42 to 43 in f6053ce ...which has the string "podman-run-%s" which closely matches the "podman-run--1" in the lstat error (except, wtf, is "-1" a valid UID in Mac-land???). The other part, |
|
AHA! Reproduced it via hackery: diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go
index 90a2ecf86..c5877ea9f 100644
--- a/pkg/util/utils_supported.go
+++ b/pkg/util/utils_supported.go
@@ -34,7 +34,7 @@ func GetRuntimeDir() (string, error) {
}
uid := fmt.Sprintf("%d", rootless.GetRootlessUID())
- if runtimeDir == "" {
+ if runtimeDir == "xxxx" {
tmpDir := filepath.Join("/run", "user", uid)
if err := os.MkdirAll(tmpDir, 0700); err != nil {
logrus.Debug(err)With that, compile, and run: $ mkdir foo123
$ env -i TMPDIR=foo123 bin/podman-remote help
lstat foo123/podman-run-14904/bus: no such file or directory
$ echo $?
1 |
|
This patch (against main, not against your PR) fixes it. Obviously there may be a better solution: diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go
index a118fdc4d..0f6028888 100644
--- a/cmd/podman/registry/config.go
+++ b/cmd/podman/registry/config.go
@@ -105,7 +105,12 @@ func setXdgDirs() error {
if _, found := os.LookupEnv("DBUS_SESSION_BUS_ADDRESS"); !found {
sessionAddr := filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "bus")
if _, err := os.Stat(sessionAddr); err == nil {
- os.Setenv("DBUS_SESSION_BUS_ADDRESS", "unix:path="+sessionAddr)
+ dereferenced, err := filepath.EvalSymlinks(sessionAddr)
+ if err != nil {
+ return err
+ }
+
+ os.Setenv("DBUS_SESSION_BUS_ADDRESS", "unix:path="+dereferenced)
}
} |
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
from
7c6bf96 to
a2b935f
Compare
cmd/podman/registry/config.go
Outdated
| runtimeDir := os.Getenv("XDG_RUNTIME_DIR") | ||
| if runtimeDir != "" { |
There was a problem hiding this comment.
This isn't quite the same as mine. Even if you get it to compile, the logic is different: in my approach, I first assemble XDG/bus, then check if that exists, then deref links.
XDG will always be set. That's some early config hackery that @giuseppe added years ago. What does not exist on macs is XDG + bus.
| @@ -157,7 +157,13 @@ func (r *Runtime) reset(ctx context.Context) error { | |||
| } | |||
| } | |||
|
|
|||
| xdgRuntimeDir := filepath.Clean(os.Getenv("XDG_RUNTIME_DIR")) | |||
| xdgRuntimeDir := os.Getenv("XDG_RUNTIME_DIR") | |||
| if xdgRuntimeDir != "" { | |||
There was a problem hiding this comment.
Again, I think this is misleading because XDG is always, always going to be set very early on by config code.
There was a problem hiding this comment.
There is no change here if XDG_RUNTIME_DIR is not set or is set to "", Current code would not fail if XDG_RUNTIME_DIR=="" new code would, so I add his check.
| @@ -129,7 +129,11 @@ func dbusAuthRootlessConnection(createBus func(opts ...godbus.ConnOption) (*godb | |||
| func newRootlessConnection() (*dbus.Conn, error) { | |||
| return dbus.NewConnection(func() (*godbus.Conn, error) { | |||
| return dbusAuthRootlessConnection(func(opts ...godbus.ConnOption) (*godbus.Conn, error) { | |||
| path := filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "systemd/private") | |||
| path := filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "systemd", "private") | |||
| path, err := filepath.EvalSymlinks(path) | |||
There was a problem hiding this comment.
And, like above, I think you need an existence check before you EvalSymlinks.
There was a problem hiding this comment.
What would the check do if it does not exists?
Still call
return godbus.Dial(fmt.Sprintf("unix:path=%s", path))
?
If the file does not exists EvalSymlinks will return that it does not exists.
There was a problem hiding this comment.
I don't know enough about this systemd/private path to comment. But:
- old code: just returns a string with the path, whether the path exists or not (leave it to caller to deal with problems)
- new code: barfs if path does not exist. This is new behavior. I don't know if it's good new behavior or bad new behavior... but it's a change.
There was a problem hiding this comment.
I think the old code will barf when godbus.Dial attempts to connect to a non existing socket
The new code will report the non existing socket earlier, as I read it.
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
from
a2b935f to
ee9aeae
Compare
|
|
||
| if runtimeDir != "" { | ||
| rootlessRuntimeDir, rootlessRuntimeDirError = filepath.EvalSymlinks(runtimeDir) | ||
| return |
There was a problem hiding this comment.
Kind of made me nervous to return early, but AFAICT it's perfectly fine, no code paths are affected, and this actually seems cleaner. PR LGTM but this has too many ramifications for me.
|
@containers/podman-maintainers PTAL |
|
Thanks for the test, @Luap99. Here's a version that doesn't depend on @test "podman rootless netns works when XDG_RUNTIME_DIR includes symlinks" {
# regression test for https://github.com/containers/podman/issues/14606
is_rootless || skip "only meaningful for rootless"
# Create a tmpdir symlink pointing to /run, and use it briefly
ln -s /run $PODMAN_TMPDIR/run
local tmp_run=$PODMAN_TMPDIR/run/user/$(id -u)
test -d $tmp_run || skip "/run/user/MYUID unavailable"
# This 'run' would previously fail with:
# IPAM error: failed to open database ....
XDG_RUNTIME_DIR=$tmp_run run_podman run --network bridge --rm $IMAGE ip a
assert "$output" =~ "eth0"
}(warning: if you run this test with podman @ main, or podman without this patch, you destroy everything and need to run |
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
2 times, most recently
from
2b42abf to
ba5e896
Compare
Partial Fix for containers#14606 [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan
force-pushed
the
XDG_RUNTIME_DIR
branch
from
ba5e896 to
71f0c9f
Compare
|
@Luap99 @edsantiago PTAL |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Partial Fix for #14606
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh [email protected]
Does this PR introduce a user-facing change?