Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove duplication of XDG runtime dir #229

Merged
merged 1 commit into from
Apr 22, 2024
Merged

Remove duplication of XDG runtime dir #229

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions app/dockerdwrapper.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,16 @@ static char* xdg_runtime_directory(void) {
return g_strdup_printf("/var/run/user/%d", getuid());
}

static char* xdg_runtime_file(const char* filename) {
g_autofree char* xdg_runtime_dir = xdg_runtime_directory();
return g_strdup_printf("%s/%s", xdg_runtime_dir, filename);
}

static void remove_docker_pid_file(void) {
g_autofree char* pid_path = xdg_runtime_file("docker.pid");
unlink(pid_path);
}

static bool set_xdg_directory_permisssions(mode_t mode) {
g_autofree char* xdg_runtime_dir = xdg_runtime_directory();
if (chmod(xdg_runtime_dir, mode) != 0) {
Expand Down Expand Up @@ -501,15 +511,15 @@ static const char* build_daemon_args(const struct settings* settings, AXParamete

if (use_ipc_socket) {
g_strlcat(msg, " with IPC socket and", msg_len);
uid_t uid = getuid();
// The socket should reside in the user directory and have same group as user.
// If omitted, dockerd will log a warning about the 'docker' group not being find.
// However, rootlesskit maps the user's primary group to the root group, so "--group 0"
// means the socket will belong to the user's primary group.
g_autofree char* ipc_socket = xdg_runtime_file("docker.sock");
args_offset += g_snprintf(args + args_offset,
args_len - args_offset,
" --group 0 -H unix:///var/run/user/%d/docker.sock",
uid);
" --group 0 -H unix://%s",
ipc_socket);
} else {
g_strlcat(msg, " without IPC socket and", msg_len);
}
Expand Down Expand Up @@ -695,9 +705,7 @@ static void dockerd_process_exited_callback(GPid pid, gint status, gpointer app_
rootlesskit_pid = 0;
g_spawn_close_pid(pid);

// The lockfile might have been left behind if dockerd shut down in a bad manner.
g_autofree char* pid_path = g_strdup_printf("/var/run/user/%d/docker.pid", getuid());
remove(pid_path);
remove_docker_pid_file(); // Might have been left behind if dockerd crashed.

prevent_others_from_using_our_ipc_socket();

Expand Down