containerd · apostasie · Jan 25, 2025 · AkihiroSuda · Jan 29, 2025 · apostasie
diff --git a/pkg/buildkitutil/buildkitutil_freebsd.go b/pkg/buildkitutil/buildkitutil_freebsd.go
@@ -16,7 +16,7 @@
 
 package buildkitutil
 
-func getRuntimeVariableDataDir() string {
+func getRuntimeVariableDataDir() (string, error) {
 	// Per hier(7) dated July 6, 2023.
-	return "/var/run"
+	return "/var/run", nil
 }
diff --git a/pkg/buildkitutil/buildkitutil_linux.go b/pkg/buildkitutil/buildkitutil_linux.go
@@ -18,23 +18,24 @@ package buildkitutil
 
 import (
 	"fmt"
-
-	"github.com/containerd/log"
+	"os"
 
 	"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 )
 
-func getRuntimeVariableDataDir() string {
+func getRuntimeVariableDataDir() (string, error) {
 	// Per Linux Foundation "Filesystem Hierarchy Standard" version 3.0 section 3.15.
 	// Under version 2.3, this was "/var/run".
 	run := "/run"
 	if rootlessutil.IsRootless() {
 		var err error
 		run, err = rootlessutil.XDGRuntimeDir()
 		if err != nil {
-			log.L.Warn(err)
-			run = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID())
+			if rootlessutil.IsRootlessChild() {
+				return "", err
+			}
+			run = fmt.Sprintf("/run/user/%d", os.Geteuid())
 		}
 	}
-	return run
+	return run, nil
 }
diff --git a/pkg/buildkitutil/buildkitutil_unix.go b/pkg/buildkitutil/buildkitutil_unix.go
@@ -28,7 +28,10 @@ func getBuildkitHostCandidates(namespace string) ([]string, error) {
 		return []string{}, fmt.Errorf("namespace must be specified")
 	}
 	// Try candidate locations of the current containerd namespace.
-	run := getRuntimeVariableDataDir()
+	run, err := getRuntimeVariableDataDir()
+	if err != nil {
+		return []string{}, err
+	}
 	var candidates []string
 	if namespace != "default" {
 		candidates = append(candidates, "unix://"+filepath.Join(run, fmt.Sprintf("buildkit-%s/buildkitd.sock", namespace)))

diff --git a/pkg/bypass4netnsutil/bypass4netnsutil.go b/pkg/bypass4netnsutil/bypass4netnsutil.go
@@ -18,7 +18,6 @@ package bypass4netnsutil
 
 import (
 	"context"
-	"fmt"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -30,6 +29,7 @@ import (
 	"github.com/containerd/containerd/v2/pkg/oci"
 
 	"github.com/containerd/nerdctl/v2/pkg/annotations"
+	"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 )
 
 func generateSecurityOpt(listenerPath string) (oci.SpecOpts, error) {
@@ -83,15 +83,8 @@ func GenerateBypass4netnsOpts(securityOptsMaps map[string]string, annotationsMap
 	return opts, nil
 }
 
-func getXDGRuntimeDir() (string, error) {
-	if xrd := os.Getenv("XDG_RUNTIME_DIR"); xrd != "" {
-		return xrd, nil
-	}
-	return "", fmt.Errorf("environment variable XDG_RUNTIME_DIR is not set")
-}
-
 func CreateSocketDir() error {
-	xdgRuntimeDir, err := getXDGRuntimeDir()
+	xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir()
 	if err != nil {
 		return err
 	}
@@ -107,7 +100,7 @@ func CreateSocketDir() error {
 }
 
 func GetBypass4NetnsdDefaultSocketPath() (string, error) {
-	xdgRuntimeDir, err := getXDGRuntimeDir()
+	xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir()
 	if err != nil {
 		return "", err
 	}
@@ -116,7 +109,7 @@ func GetBypass4NetnsdDefaultSocketPath() (string, error) {
 }
 
 func GetSocketPathByID(id string) (string, error) {
-	xdgRuntimeDir, err := getXDGRuntimeDir()
+	xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir()
 	if err != nil {
 		return "", err
 	}
@@ -126,7 +119,7 @@ func GetSocketPathByID(id string) (string, error) {
 }
 
 func GetPidFilePathByID(id string) (string, error) {
-	xdgRuntimeDir, err := getXDGRuntimeDir()
+	xdgRuntimeDir, err := rootlessutil.XDGRuntimeDir()
 	if err != nil {
 		return "", err
 	}

diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go
@@ -39,8 +39,8 @@ func CNINetConfPath() string {
 	return cni.DefaultNetDir
 }
 
-func CNIRuntimeDir() string {
-	return "/run/cni"
+func CNIRuntimeDir() (string, error) {
+	return "/run/cni", nil
 }
 
 func CgroupManager() string {

diff --git a/pkg/defaults/defaults_linux.go b/pkg/defaults/defaults_linux.go
@@ -24,7 +24,6 @@ import (
 
 	"github.com/containerd/containerd/v2/plugins"
 	"github.com/containerd/go-cni"
-	"github.com/containerd/log"
 
 	"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
 )
@@ -88,16 +87,18 @@ func CNINetConfPath() string {
 	return filepath.Join(xch, "cni/net.d")
 }
 
-func CNIRuntimeDir() string {
+func CNIRuntimeDir() (string, error) {
 	if !rootlessutil.IsRootless() {
-		return "/run/cni"
+		return "/run/cni", nil
 	}
 	xdr, err := rootlessutil.XDGRuntimeDir()
 	if err != nil {
-		log.L.Warn(err)
-		xdr = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID())
+		if rootlessutil.IsRootlessChild() {
+			return "", err
+		}
+		xdr = fmt.Sprintf("/run/user/%d", os.Geteuid())
 	}
-	return fmt.Sprintf("%s/cni", xdr)
+	return filepath.Join(xdr, "cni"), nil
 }
 
 func NerdctlTOML() string {

diff --git a/pkg/defaults/defaults_windows.go b/pkg/defaults/defaults_windows.go
@@ -39,8 +39,8 @@ func CNINetConfPath() string {
 	return filepath.Join(os.Getenv("ProgramFiles"), "containerd", "cni", "conf")
 }
 
-func CNIRuntimeDir() string {
-	return ""
+func CNIRuntimeDir() (string, error) {
+	return "", nil
 }
 
 func IsSystemdAvailable() bool {

diff --git a/pkg/netutil/netutil_unix.go b/pkg/netutil/netutil_unix.go
@@ -206,7 +206,11 @@ func (e *CNIEnv) generateIPAM(driver string, subnets []string, gatewayStr, ipRan
 		ipamConfig = ipamConf
 	case "dhcp":
 		ipamConf := newDHCPIPAMConfig()
-		ipamConf.DaemonSocketPath = filepath.Join(defaults.CNIRuntimeDir(), "dhcp.sock")
+		crd, err := defaults.CNIRuntimeDir()
+		if err != nil {
+			return nil, err
+		}
+		ipamConf.DaemonSocketPath = filepath.Join(crd, "dhcp.sock")
 		if err := systemutil.IsSocketAccessible(ipamConf.DaemonSocketPath); err != nil {
 			log.L.Warnf("cannot access dhcp socket %q (hint: try running with `dhcp daemon --socketpath=%s &` in CNI_PATH to launch the dhcp daemon)", ipamConf.DaemonSocketPath, ipamConf.DaemonSocketPath)
 		}

diff --git a/pkg/rootlessutil/xdg_linux.go b/pkg/rootlessutil/xdg_linux.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"os"
 	"path/filepath"
+	"strconv"
 )
 
 func XDGRuntimeDir() (string, error) {
@@ -28,10 +29,11 @@ func XDGRuntimeDir() (string, error) {
 	}
 	// Fall back to "/run/user/<euid>".
 	// Note that We cannot rely on os.Geteuid() because we might be inside UserNS.
-	if euid := os.Getenv("ROOTLESSKIT_PARENT_EUID"); euid != "" {
-		return "/run/user/" + euid, nil
+	euid, err := strconv.Atoi(os.Getenv("ROOTLESSKIT_PARENT_EUID"))
+	if err != nil {
+		return "", errors.New("environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/")
 	}
-	return "", errors.New("environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/")
+	return "/run/user/" + strconv.Itoa(euid), nil
 }
 
 func XDGConfigHome() (string, error) {