From 6ae905aa1cb6f2a3fcb61d97b7feb41296383fc9 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 16 Feb 2023 14:32:05 +0100
Subject: [PATCH] options: reject empty runroot or graphroot

make sure that the runroot and graphroot are not empty otherwise we will
end up using an empty directory as path prefix and create files in the
current directory.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 types/options.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/types/options.go b/types/options.go
index 34252dd630..5c55b28a1d 100644
--- a/types/options.go
+++ b/types/options.go
@@ -152,14 +152,18 @@ func defaultStoreOptionsIsolated(rootless bool, rootlessUID int, storageConf str
 			}
 		}
 	}
-	if storageOpts.RunRoot != "" {
+	if storageOpts.RunRoot == "" {
+		return storageOpts, fmt.Errorf("runroot must be set")
+	} else {
 		runRoot, err := expandEnvPath(storageOpts.RunRoot, rootlessUID)
 		if err != nil {
 			return storageOpts, err
 		}
 		storageOpts.RunRoot = runRoot
 	}
-	if storageOpts.GraphRoot != "" {
+	if storageOpts.GraphRoot == "" {
+		return storageOpts, fmt.Errorf("graphroot must be set")
+	} else {
 		graphRoot, err := expandEnvPath(storageOpts.GraphRoot, rootlessUID)
 		if err != nil {
 			return storageOpts, err