From 592a2fd544d550a310c7fec2357bad3a00326486 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Thu, 14 Mar 2019 20:32:12 +0100
Subject: [PATCH 1/2] rootless: use /tmp/libpod-rundir-$EUID for fallback

when the fallback is in place, the first user creating /tmp/user/$EUID prevents other users for creating other directories since /tmp/user is created with mode 0700. Since there is no way for an unprivileged user to initialize the /tmp/user directory correctly (we would need it to be owned by root with the sticky bit set), let's just use /tmp/libpod-rundir-$EUID.

Signed-off-by: Giuseppe Scrivano
---
 pkg/util/utils.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index d7e1ddd38e..73dddf2ac3 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -190,15 +190,15 @@ func GetRootlessRuntimeDir() (string, error) {
 tmpDir := filepath.Join("/run", "user", uid)
 os.MkdirAll(tmpDir, 0700)
 st, err := os.Stat(tmpDir)
- if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
 runtimeDir = tmpDir
 }
 }
 if runtimeDir == "" {
- tmpDir := filepath.Join(os.TempDir(), "user", uid)
+ tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("libpod-rundir-%s", uid))
 os.MkdirAll(tmpDir, 0700)
 st, err := os.Stat(tmpDir)
- if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
 runtimeDir = tmpDir
 }
 }

From e6a4bac09e5ffff47a6a28ac09179a60526bbf0b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Thu, 14 Mar 2019 20:44:37 +0100
Subject: [PATCH 2/2] rootless: use Geteuid instead of Getuid

Signed-off-by: Giuseppe Scrivano
---
 pkg/rootless/rootless_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
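Review bot: The /tmp fallback in GetRootlessRuntimeDir (pkg/util/utils.go) validates the directory with os.Stat, which follows symlinks, so a pre-existing `libpod-rundir-<uid>` entry in the world-writable temp directory that is a symlink to some other 0700 directory owned by the caller would pass the owner and mode test. Checking the entry itself is safer: use `st, err := os.Lstat(tmpDir)` and add `st.IsDir()` to the condition; the /run/user branch above it could take the same change for consistency. The os.MkdirAll return value is discarded in both branches, which is tolerable only because the stat check follows, and a short comment saying so would help. If another user has already claimed the predictable name the check fails and runtimeDir stays empty; how that case is handled lies outside the hunk, as do the start and end of the function.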
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index b2677f7d93..baceebee3c 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -72,7 +72,7 @@ func GetRootlessUID() int {
 u, _ := strconv.Atoi(uidEnv)
 return u
 }
- return os.Getuid()
+ return os.Geteuid()
 }

 func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) error {
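Review bot: The branch directly above the changed return in GetRootlessUID still discards the strconv.Atoi error, so a non-numeric uidEnv makes the function return 0, the root UID, instead of falling through to os.Geteuid(). Any caller that uses the result for path or ownership decisions would then silently act on UID 0; `if u, err := strconv.Atoi(uidEnv); err == nil { return u }` lets a malformed value fall through to the effective UID. Where uidEnv is read is outside the hunk, so whether anything other than the process's own re-exec can influence it is not visible here. A one-line comment on the final return, such as `// effective UID: this is what file ownership checks are compared against`, would record why Geteuid is used, since the commit message has no body.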