runtime: store the user name in hypervisor config

The user name will be used to delete the user instead of relying on uid lookup because uid can be reused. Fixes: #5155 Signed-off-by: Feng Wang <feng.wang@databricks.com>
2025-04-30 04:34:27 +00:00 · 2022-09-12 22:09:35 -07:00 · 2022-09-12 22:09:35 -07:00 · f914319874
commit f914319874
parent 5cafe21770
3 changed files with 11 additions and 8 deletions
--- a/src/runtime/pkg/containerd-shim-v2/create.go
+++ b/src/runtime/pkg/containerd-shim-v2/create.go
@ -335,6 +335,7 @@ func configureNonRootHypervisor(runtimeConfig *oci.RuntimeConfig, sandboxId stri
 		return err
 	}
 	runtimeConfig.HypervisorConfig.Uid = uint32(uid)
+	runtimeConfig.HypervisorConfig.User = userName
 	runtimeConfig.HypervisorConfig.Gid = uint32(gid)
 	shimLog.WithFields(logrus.Fields{
 		"user_name":  userName,
--- a/src/runtime/virtcontainers/hypervisor.go
+++ b/src/runtime/virtcontainers/hypervisor.go
@ -380,6 +380,9 @@ type HypervisorConfig struct {
 	// BlockiDeviceAIO specifies the I/O API to be used.
 	BlockDeviceAIO string

+	// The user maps to the uid.
+	User string
+
 	// KernelParams are additional guest kernel parameters.
 	KernelParams []Param

--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@ -680,7 +680,7 @@ func (q *qemu) checkBpfEnabled() {
 			q.Logger().WithError(err).Warningf("failed to get bpf_jit_enable status")
 			return
 		}
-		enabled, err := strconv.Atoi(string(out))
+		enabled, err := strconv.Atoi(strings.TrimSpace(string(out)))
 		if err != nil {
 			q.Logger().WithError(err).Warningf("failed to convert bpf_jit_enable status to integer")
 			return
@ -1063,26 +1063,25 @@ func (q *qemu) cleanupVM() error {
 	}

 	if rootless.IsRootless() {
-		u, err := user.LookupId(strconv.Itoa(int(q.config.Uid)))
-		if err != nil {
+		if _, err := user.Lookup(q.config.User); err != nil {
 			q.Logger().WithError(err).WithFields(
 				logrus.Fields{
-					"user": u.Username,
+					"user": q.config.User,
 					"uid":  q.config.Uid,
-				}).Warn("failed to find the user")
+				}).Warn("failed to find the user, it might have been removed")
 			return nil
 		}

-		if err := pkgUtils.RemoveVmmUser(u.Username); err != nil {
+		if err := pkgUtils.RemoveVmmUser(q.config.User); err != nil {
 			q.Logger().WithError(err).WithFields(
 				logrus.Fields{
-					"user": u.Username,
+					"user": q.config.User,
 					"uid":  q.config.Uid,
 				}).Warn("failed to delete the user")
 		}
 		q.Logger().WithFields(
 			logrus.Fields{
-				"user": u.Username,
+				"user": q.config.User,
 				"uid":  q.config.Uid,
 			}).Debug("successfully removed the non root user")
 	}