podman: use a different store for the rootless case

so that the user has rw access to it.

Signed-off-by: Giuseppe Scrivano <[email protected]>

Closes: #871
Approved by: mheon

Author: giuseppe

cmd/podman/create.go

@@ -9,7 +9,6 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/containers/storage"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/go-connections/nat"
@@ -81,7 +80,10 @@ func createCmd(c *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	storageOpts := storage.DefaultStoreOptions
+	storageOpts, err := libpodruntime.GetDefaultStoreOptions()
+	if err != nil {
+		return err
+	}
 	storageOpts.UIDMap = mappings.UIDMap
 	storageOpts.GIDMap = mappings.GIDMap
 

cmd/podman/libpodruntime/runtime.go

@@ -1,17 +1,55 @@
 package libpodruntime
 
 import (
+	"fmt"
+	"os"
+	"path/filepath"
+
 	"github.com/containers/storage"
 	"github.com/projectatomic/libpod/libpod"
 	"github.com/urfave/cli"
 )
 
 // GetRuntime generates a new libpod runtime configured by command line options
 func GetRuntime(c *cli.Context) (*libpod.Runtime, error) {
-	storageOpts := storage.DefaultStoreOptions
+	storageOpts, err := GetDefaultStoreOptions()
+	if err != nil {
+		return nil, err
+	}
 	return GetRuntimeWithStorageOpts(c, &storageOpts)
 }
 
+func GetRootlessStorageOpts() (storage.StoreOptions, error) {
+	var opts storage.StoreOptions
+
+	opts.RunRoot = filepath.Join(libpod.GetRootlessRuntimeDir(), "run")
+
+	dataDir := os.Getenv("XDG_DATA_DIR")
+	if dataDir != "" {
+		opts.GraphRoot = filepath.Join(dataDir, "containers", "storage")
+	} else {
+		home := os.Getenv("HOME")
+		if home == "" {
+			return opts, fmt.Errorf("HOME not specified")
+		}
+		opts.GraphRoot = filepath.Join(home, ".containers", "storage")
+	}
+	opts.GraphDriverName = "vfs"
+	return opts, nil
+}
+
+func GetDefaultStoreOptions() (storage.StoreOptions, error) {
+	storageOpts := storage.DefaultStoreOptions
+	if os.Getuid() != 0 {
+		var err error
+		storageOpts, err = GetRootlessStorageOpts()
+		if err != nil {
+			return storageOpts, err
+		}
+	}
+	return storageOpts, nil
+}
+
 // GetRuntime generates a new libpod runtime configured by command line options
 func GetRuntimeWithStorageOpts(c *cli.Context, storageOpts *storage.StoreOptions) (*libpod.Runtime, error) {
 	options := []libpod.RuntimeOption{}

cmd/podman/run.go

@@ -9,7 +9,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/containers/storage"
 	"github.com/pkg/errors"
 	"github.com/projectatomic/libpod/cmd/podman/libpodruntime"
 	"github.com/projectatomic/libpod/libpod"
@@ -54,7 +53,10 @@ func runCmd(c *cli.Context) error {
 		}
 	}
 
-	storageOpts := storage.DefaultStoreOptions
+	storageOpts, err := libpodruntime.GetDefaultStoreOptions()
+	if err != nil {
+		return err
+	}
 	mappings, err := util.ParseIDMapping(c.StringSlice("uidmap"), c.StringSlice("gidmap"), c.String("subuidmap"), c.String("subgidmap"))
 	if err != nil {
 		return err

libpod/container_internal.go

@@ -1296,7 +1296,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		g.AddProcessEnv("container", "libpod")
 	}
 
-	if c.runtime.config.CgroupManager == SystemdCgroupsManager {
+	if os.Getuid() != 0 {
+		g.SetLinuxCgroupsPath("")
+	} else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
 		// When runc is set to use Systemd as a cgroup manager, it
 		// expects cgroups to be passed as follows:
 		// slice:prefix:name

libpod/runtime.go

@@ -2,10 +2,12 @@ package libpod
 
 import (
 	"bytes"
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
+	"syscall"
 
 	"github.com/BurntSushi/toml"
 	is "github.com/containers/image/storage"
@@ -164,14 +166,45 @@ var (
 		CgroupManager: CgroupfsCgroupsManager,
 		HooksDir:      hooks.DefaultDir,
 		StaticDir:     filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
-		TmpDir:        "/var/run/libpod",
+		TmpDir:        getDefaultTmpDir(),
 		MaxLogSize:    -1,
 		NoPivotRoot:   false,
 		CNIConfigDir:  "/etc/cni/net.d/",
 		CNIPluginDir:  []string{"/usr/libexec/cni", "/usr/lib/cni", "/opt/cni/bin"},
 	}
 )
 
+// GetRootlessRuntimeDir returns the runtime directory when running as non root
+func GetRootlessRuntimeDir() string {
+	hasNoEnv := false
+	runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+	if runtimeDir == "" {
+		hasNoEnv = true
+		tmpDir := filepath.Join(os.TempDir(), "user", fmt.Sprintf("%d", os.Getuid()))
+		os.MkdirAll(tmpDir, 0700)
+		st, err := os.Stat(tmpDir)
+		if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+			runtimeDir = tmpDir
+		}
+	}
+	if runtimeDir == "" {
+		runtimeDir = filepath.Join(os.Getenv("HOME"), "rundir")
+	}
+	if hasNoEnv {
+		os.Setenv("XDG_RUNTIME_DIR", runtimeDir)
+	}
+	return runtimeDir
+}
+
+func getDefaultTmpDir() string {
+	if os.Getuid() == 0 {
+		return "/var/run/libpod"
+	}
+
+	rootlessRuntimeDir := GetRootlessRuntimeDir()
+	return filepath.Join(rootlessRuntimeDir, "libpod", "tmp")
+}
+
 // NewRuntime creates a new container runtime
 // Options can be passed to override the default configuration for the runtime
 func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {