From a7698659cb8fa0a877fca1dc8bdaa157c125651f Mon Sep 17 00:00:00 2001 From: apostasie Date: Sat, 25 Jan 2025 00:06:57 -0800 Subject: [PATCH] Cleanup XDGRuntime logic Signed-off-by: apostasie --- pkg/buildkitutil/buildkitutil_freebsd.go | 4 ++-- pkg/buildkitutil/buildkitutil_linux.go | 13 +++++++------ pkg/buildkitutil/buildkitutil_unix.go | 5 ++++- pkg/bypass4netnsutil/bypass4netnsutil.go | 17 +++++------------ pkg/defaults/defaults_freebsd.go | 4 ++-- pkg/defaults/defaults_linux.go | 13 +++++++------ pkg/defaults/defaults_windows.go | 4 ++-- pkg/netutil/netutil_unix.go | 6 +++++- pkg/rootlessutil/xdg_linux.go | 8 +++++--- 9 files changed, 39 insertions(+), 35 deletions(-) diff --git a/pkg/buildkitutil/buildkitutil_freebsd.go b/pkg/buildkitutil/buildkitutil_freebsd.go index adaec5e42ef..a0b02e3c7dc 100644 --- a/pkg/buildkitutil/buildkitutil_freebsd.go +++ b/pkg/buildkitutil/buildkitutil_freebsd.go @@ -16,7 +16,7 @@ package buildkitutil -func getRuntimeVariableDataDir() string { +func getRuntimeVariableDataDir() (string, error) { // Per hier(7) dated July 6, 2023. - return "/var/run" + return "/var/run", nil } diff --git a/pkg/buildkitutil/buildkitutil_linux.go b/pkg/buildkitutil/buildkitutil_linux.go index dad13d022f2..6668a887705 100644 --- a/pkg/buildkitutil/buildkitutil_linux.go +++ b/pkg/buildkitutil/buildkitutil_linux.go @@ -18,13 +18,12 @@ package buildkitutil import ( "fmt" - - "github.com/containerd/log" + "os" "github.com/containerd/nerdctl/v2/pkg/rootlessutil" ) -func getRuntimeVariableDataDir() string { +func getRuntimeVariableDataDir() (string, error) { // Per Linux Foundation "Filesystem Hierarchy Standard" version 3.0 section 3.15. // Under version 2.3, this was "/var/run". run := "/run" 
@@ -32,9 +31,11 @@ func getRuntimeVariableDataDir() string { var err error run, err = rootlessutil.XDGRuntimeDir() if err != nil { - log.L.Warn(err) - run = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID()) + if rootlessutil.IsRootlessChild() { + return "", err + } + run = fmt.Sprintf("/run/user/%d", os.Geteuid()) } } - return run + return run, nil } diff --git a/pkg/buildkitutil/buildkitutil_unix.go b/pkg/buildkitutil/buildkitutil_unix.go index 5c5498d3aa9..3ef645b030c 100644 --- a/pkg/buildkitutil/buildkitutil_unix.go +++ b/pkg/buildkitutil/buildkitutil_unix.go @@ -28,7 +28,10 @@ func getBuildkitHostCandidates(namespace string) ([]string, error) { return []string{}, fmt.Errorf("namespace must be specified") } // Try candidate locations of the current containerd namespace. - run := getRuntimeVariableDataDir() + run, err := getRuntimeVariableDataDir() + if err != nil { + return []string{}, err + } var candidates []string if namespace != "default" { candidates = append(candidates, "unix://"+filepath.Join(run, fmt.Sprintf("buildkit-%s/buildkitd.sock", namespace))) diff --git a/pkg/bypass4netnsutil/bypass4netnsutil.go b/pkg/bypass4netnsutil/bypass4netnsutil.go index b34f1e4c08f..29af68dc366 100644 --- a/pkg/bypass4netnsutil/bypass4netnsutil.go +++ b/pkg/bypass4netnsutil/bypass4netnsutil.go @@ -18,7 +18,6 @@ package bypass4netnsutil import ( "context" - "fmt" "os" "path/filepath" "strconv" @@ -30,6 +29,7 @@ import ( "github.com/containerd/containerd/v2/pkg/oci" "github.com/containerd/nerdctl/v2/pkg/annotations" + "github.com/containerd/nerdctl/v2/pkg/rootlessutil" ) func generateSecurityOpt(listenerPath string) (oci.SpecOpts, error) { 
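Review bot: In pkg/buildkitutil/buildkitutil_linux.go the new fallback `run = fmt.Sprintf("/run/user/%d", os.Geteuid())` has no comment saying why os.Geteuid() is acceptable here, while the comment in pkg/rootlessutil/xdg_linux.go says it cannot be relied on inside a user namespace. The `rootlessutil.IsRootlessChild()` guard is presumably what makes it safe, so I would state that above the assignment: `// Not the RootlessKit child: os.Geteuid() is the real EUID, so guess the conventional /run/user/<euid>.` Removing `log.L.Warn(err)` also makes the guess silent, and nothing visible checks that the directory exists before socket paths are built from it; a log line on this path would keep the fallback observable. The same applies to CNIRuntimeDir in pkg/defaults/defaults_linux.go. The enclosing rootless check sits between the two hunks of this file and is not visible here.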
@@ -83,15 +83,8 @@ func GenerateBypass4netnsOpts(securityOptsMaps map[string]string, annotationsMap return opts, nil } -func getXDGRuntimeDir() (string, error) { - if xrd := os.Getenv("XDG_RUNTIME_DIR"); xrd != "" { - return xrd, nil - } - return "", fmt.Errorf("environment variable XDG_RUNTIME_DIR is not set") -} - func CreateSocketDir() error { - xdgRuntimeDir, err := getXDGRuntimeDir() + xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir() if err != nil { return err } @@ -107,7 +100,7 @@ func CreateSocketDir() error { } func GetBypass4NetnsdDefaultSocketPath() (string, error) { - xdgRuntimeDir, err := getXDGRuntimeDir() + xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir() if err != nil { return "", err } @@ -116,7 +109,7 @@ func GetBypass4NetnsdDefaultSocketPath() (string, error) { } func GetSocketPathByID(id string) (string, error) { - xdgRuntimeDir, err := getXDGRuntimeDir() + xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir() if err != nil { return "", err } @@ -126,7 +119,7 @@ func GetSocketPathByID(id string) (string, error) { } func GetPidFilePathByID(id string) (string, error) { - xdgRuntimeDir, err := getXDGRuntimeDir() + xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir() if err != nil { return "", err } diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go index 8092beb8585..90cdda10a9a 100644 --- a/pkg/defaults/defaults_freebsd.go +++ b/pkg/defaults/defaults_freebsd.go @@ -39,8 +39,8 @@ func CNINetConfPath() string { return cni.DefaultNetDir } -func CNIRuntimeDir() string { - return "/run/cni" +func CNIRuntimeDir() (string, error) { + return "/run/cni", nil } func CgroupManager() string { diff --git a/pkg/defaults/defaults_linux.go b/pkg/defaults/defaults_linux.go index ac35cf9c786..a8acdf35bf3 100644 --- a/pkg/defaults/defaults_linux.go +++ b/pkg/defaults/defaults_linux.go 
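Review bot: In pkg/bypass4netnsutil/bypass4netnsutil.go, CreateSocketDir, GetBypass4NetnsdDefaultSocketPath, GetSocketPathByID and GetPidFilePathByID now inherit the `/run/user/<ROOTLESSKIT_PARENT_EUID>` fallback of rootlessutil.XDGRuntimeDir, and no comment records that change. The removed getXDGRuntimeDir returned an error whenever XDG_RUNTIME_DIR was unset. Judging by their names, these exported functions build the socket directory, socket and pid-file paths from the returned value, so I would document where the path comes from on each, e.g. `// CreateSocketDir creates the bypass4netns socket directory under rootlessutil.XDGRuntimeDir(), which may fall back to /run/user/<ROOTLESSKIT_PARENT_EUID>.` This file has no OS suffix while XDGRuntimeDir is shown only in xdg_linux.go, so it is worth confirming the package still builds on the other targets. The function bodies continue outside the hunks.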
@@ -24,7 +24,6 @@ import ( "github.com/containerd/containerd/v2/plugins" "github.com/containerd/go-cni" - "github.com/containerd/log" "github.com/containerd/nerdctl/v2/pkg/rootlessutil" ) @@ -88,16 +87,18 @@ func CNINetConfPath() string { return filepath.Join(xch, "cni/net.d") } -func CNIRuntimeDir() string { +func CNIRuntimeDir() (string, error) { if !rootlessutil.IsRootless() { - return "/run/cni" + return "/run/cni", nil } xdr, err := rootlessutil.XDGRuntimeDir() if err != nil { - log.L.Warn(err) - xdr = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID()) + if rootlessutil.IsRootlessChild() { + return "", err + } + xdr = fmt.Sprintf("/run/user/%d", os.Geteuid()) } - return fmt.Sprintf("%s/cni", xdr) + return filepath.Join(xdr, "cni"), nil } func NerdctlTOML() string { diff --git a/pkg/defaults/defaults_windows.go b/pkg/defaults/defaults_windows.go index 65d74d2c8bb..cbb74c828c7 100644 --- a/pkg/defaults/defaults_windows.go +++ b/pkg/defaults/defaults_windows.go @@ -39,8 +39,8 @@ func CNINetConfPath() string { return filepath.Join(os.Getenv("ProgramFiles"), "containerd", "cni", "conf") } -func CNIRuntimeDir() string { - return "" +func CNIRuntimeDir() (string, error) { + return "", nil } func IsSystemdAvailable() bool { diff --git a/pkg/netutil/netutil_unix.go b/pkg/netutil/netutil_unix.go index eba2a5e3b8b..ffb1d8503a8 100644 --- a/pkg/netutil/netutil_unix.go +++ b/pkg/netutil/netutil_unix.go 
@@ -206,7 +206,11 @@ func (e *CNIEnv) generateIPAM(driver string, subnets []string, gatewayStr, ipRan ipamConfig = ipamConf case "dhcp": ipamConf := newDHCPIPAMConfig() - ipamConf.DaemonSocketPath = filepath.Join(defaults.CNIRuntimeDir(), "dhcp.sock") + crd, err := defaults.CNIRuntimeDir() + if err != nil { + return nil, err + } + ipamConf.DaemonSocketPath = filepath.Join(crd, "dhcp.sock") if err := systemutil.IsSocketAccessible(ipamConf.DaemonSocketPath); err != nil { log.L.Warnf("cannot access dhcp socket %q (hint: try running with `dhcp daemon --socketpath=%s &` in CNI_PATH to launch the dhcp daemon)", ipamConf.DaemonSocketPath, ipamConf.DaemonSocketPath) } diff --git a/pkg/rootlessutil/xdg_linux.go b/pkg/rootlessutil/xdg_linux.go index ae1a833d4ea..cee58aa40c9 100644 --- a/pkg/rootlessutil/xdg_linux.go +++ b/pkg/rootlessutil/xdg_linux.go @@ -20,6 +20,7 @@ import ( "errors" "os" "path/filepath" + "strconv" ) func XDGRuntimeDir() (string, error) { @@ -28,10 +29,11 @@ func XDGRuntimeDir() (string, error) { } // Fall back to "/run/user/". // Note that We cannot rely on os.Geteuid() because we might be inside UserNS. - if euid := os.Getenv("ROOTLESSKIT_PARENT_EUID"); euid != "" { - return "/run/user/" + euid, nil + euid, err := strconv.Atoi(os.Getenv("ROOTLESSKIT_PARENT_EUID")) + if err != nil { + return "", errors.New("environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/") } - return "", errors.New("environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/") + return "/run/user/" + strconv.Itoa(euid), nil } func XDGConfigHome() (string, error) {
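Review bot: In pkg/netutil/netutil_unix.go the new `return nil, err` in the "dhcp" case passes the CNIRuntimeDir error up without saying which step failed, so a caller of generateIPAM sees only the XDG_RUNTIME_DIR message. Wrapping it keeps the chain readable: `return nil, fmt.Errorf("resolving CNI runtime dir for dhcp IPAM: %w", err)`. This assumes fmt is imported in this file, which the hunk does not show. generateIPAM starts and ends outside the hunk.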
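Review bot: In pkg/rootlessutil/xdg_linux.go, `strconv.Atoi` accepts signed input, so a ROOTLESSKIT_PARENT_EUID of `-1` passes the new check and yields `/run/user/-1`. Parsing as unsigned closes that gap: `euid, err := strconv.ParseUint(os.Getenv("ROOTLESSKIT_PARENT_EUID"), 10, 32)` with `return "/run/user/" + strconv.FormatUint(euid, 10), nil`. The error returned on a parse failure still says only that XDG_RUNTIME_DIR is not set and drops `err`, so a malformed ROOTLESSKIT_PARENT_EUID cannot be told apart from a missing one. Naming the variable in the message would help whoever debugs it. The first branch of XDGRuntimeDir lies outside the hunk.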