From adc9e0baaf2c9e5c2e8712e382903f908278eaf1 Mon Sep 17 00:00:00 2001
From: Feng Wang <feng.wang@databricks.com>
Date: Wed, 29 Sep 2021 11:13:45 -0700
Subject: [PATCH] runtime: fix two bugs in rootless hypervisor

Update the sandbox dir clean up logic to be more appropriate
Add different seeds for randInt() method

Fixes #2770

Signed-off-by: Feng Wang <feng.wang@databricks.com>
---
 src/runtime/pkg/containerd-shim-v2/create.go | 32 +++++++++++---------
 src/runtime/pkg/utils/utils.go               |  2 ++
 src/runtime/virtcontainers/qemu.go           |  6 ----
 3 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/src/runtime/pkg/containerd-shim-v2/create.go b/src/runtime/pkg/containerd-shim-v2/create.go
index 443702bd3e..3a0814e86a 100644
--- a/src/runtime/pkg/containerd-shim-v2/create.go
+++ b/src/runtime/pkg/containerd-shim-v2/create.go
@@ -311,24 +311,26 @@ func configureNonRootHypervisor(runtimeConfig *oci.RuntimeConfig) error {
 	runtimeConfig.HypervisorConfig.Gid = uint32(gid)
 
 	userTmpDir := path.Join("/run/user/", fmt.Sprint(uid))
-	dir, err := os.Stat(userTmpDir)
-	if os.IsNotExist(err) {
-		if err = os.Mkdir(userTmpDir, vc.DirMode); err != nil {
-			return err
-		}
-		defer func() {
-			if err != nil {
-				if err = os.RemoveAll(userTmpDir); err != nil {
-					shimLog.WithField("userTmpDir", userTmpDir).WithError(err).Warn("failed to remove userTmpDir")
-				}
-			}
-		}()
-		if err = syscall.Chown(userTmpDir, uid, gid); err != nil {
+	_, err = os.Stat(userTmpDir)
+	// Clean up the directory created by the previous run
+	if !os.IsNotExist(err) {
+		if err = os.RemoveAll(userTmpDir); err != nil {
 			return err
 		}
 	}
-	if dir != nil && !dir.IsDir() {
-		return fmt.Errorf("%s is expected to be a directory", userTmpDir)
+
+	if err = os.Mkdir(userTmpDir, vc.DirMode); err != nil {
+		return err
+	}
+	defer func() {
+		if err != nil {
+			if err = os.RemoveAll(userTmpDir); err != nil {
+				shimLog.WithField("userTmpDir", userTmpDir).WithError(err).Warn("failed to remove userTmpDir")
+			}
+		}
+	}()
+	if err = syscall.Chown(userTmpDir, uid, gid); err != nil {
+		return err
 	}
 
 	if err := os.Setenv("XDG_RUNTIME_DIR", userTmpDir); err != nil {
diff --git a/src/runtime/pkg/utils/utils.go b/src/runtime/pkg/utils/utils.go
index a2a331840c..1a6c484ec0 100644
--- a/src/runtime/pkg/utils/utils.go
+++ b/src/runtime/pkg/utils/utils.go
@@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"time"
 
 	"github.com/sirupsen/logrus"
 )
@@ -124,6 +125,7 @@ func CreateVmmUser() (string, error) {
 	// Add retries to mitigate temporary errors and race conditions. For example, the user already exists
 	// or another instance of the runtime is also creating a user.
 	maxAttempt := 5
+	rand.Seed(time.Now().UnixNano())
 	for i := 0; i < maxAttempt; i++ {
 		userName = fmt.Sprintf("kata-%v", rand.Intn(100000))
 		_, err = RunCommand([]string{useraddPath, "-M", "-s", nologinPath, userName, "-c", "\"Kata Containers temporary hypervisor user\""})
diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go
index fd04bbba32..363d3f3d84 100644
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@@ -1016,12 +1016,6 @@ func (q *qemu) cleanupVM() error {
 	}
 
 	if rootless.IsRootless() {
-		rootlessDir := os.Getenv("XDG_RUNTIME_DIR")
-		if err := os.RemoveAll(rootlessDir); err != nil {
-			q.Logger().WithError(err).WithField("root-path", rootlessDir).
-				Warnf("failed to remove vm run-as-user root path")
-		}
-
 		u, err := user.LookupId(strconv.Itoa(int(q.config.Uid)))
 		if err != nil {
 			q.Logger().WithError(err).WithField("uid", q.config.Uid).Warn("failed to find the user")