runtime: fix two bugs in rootless hypervisor

Update the sandbox dir clean up logic to be more appropriate Add different seeds for randInt() method Fixes #2770 Signed-off-by: Feng Wang <feng.wang@databricks.com>
2025-06-25 15:02:45 +00:00 · 2021-09-29 11:13:45 -07:00 · 2021-09-29 11:13:45 -07:00 · adc9e0baaf
commit adc9e0baaf
parent 0300e91cd0
3 changed files with 19 additions and 21 deletions
--- a/src/runtime/pkg/containerd-shim-v2/create.go
+++ b/src/runtime/pkg/containerd-shim-v2/create.go
@ -311,8 +311,14 @@ func configureNonRootHypervisor(runtimeConfig *oci.RuntimeConfig) error {
 	runtimeConfig.HypervisorConfig.Gid = uint32(gid)

 	userTmpDir := path.Join("/run/user/", fmt.Sprint(uid))
-	dir, err := os.Stat(userTmpDir)
-	if os.IsNotExist(err) {
+	_, err = os.Stat(userTmpDir)
+	// Clean up the directory created by the previous run
+	if !os.IsNotExist(err) {
+		if err = os.RemoveAll(userTmpDir); err != nil {
+			return err
+		}
+	}
+
 	if err = os.Mkdir(userTmpDir, vc.DirMode); err != nil {
 		return err
 	}
@ -326,10 +332,6 @@ func configureNonRootHypervisor(runtimeConfig *oci.RuntimeConfig) error {
 	if err = syscall.Chown(userTmpDir, uid, gid); err != nil {
 		return err
 	}
-	}
-	if dir != nil && !dir.IsDir() {
-		return fmt.Errorf("%s is expected to be a directory", userTmpDir)
-	}

 	if err := os.Setenv("XDG_RUNTIME_DIR", userTmpDir); err != nil {
 		return err
--- a/src/runtime/pkg/utils/utils.go
+++ b/src/runtime/pkg/utils/utils.go
@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"time"

 	"github.com/sirupsen/logrus"
 )
@ -124,6 +125,7 @@ func CreateVmmUser() (string, error) {
 	// Add retries to mitigate temporary errors and race conditions. For example, the user already exists
 	// or another instance of the runtime is also creating a user.
 	maxAttempt := 5
+	rand.Seed(time.Now().UnixNano())
 	for i := 0; i < maxAttempt; i++ {
 		userName = fmt.Sprintf("kata-%v", rand.Intn(100000))
 		_, err = RunCommand([]string{useraddPath, "-M", "-s", nologinPath, userName, "-c", "\"Kata Containers temporary hypervisor user\""})
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@ -1016,12 +1016,6 @@ func (q *qemu) cleanupVM() error {
 	}

 	if rootless.IsRootless() {
-		rootlessDir := os.Getenv("XDG_RUNTIME_DIR")
-		if err := os.RemoveAll(rootlessDir); err != nil {
-			q.Logger().WithError(err).WithField("root-path", rootlessDir).
-				Warnf("failed to remove vm run-as-user root path")
-		}
-
 		u, err := user.LookupId(strconv.Itoa(int(q.config.Uid)))
 		if err != nil {
 			q.Logger().WithError(err).WithField("uid", q.config.Uid).Warn("failed to find the user")