diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index 6c6e722f4..fb594f680 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -14,6 +14,7 @@ import (
 "github.com/onsi/gomega"
 selinux "github.com/opencontainers/selinux/go-selinux"
 "github.com/sirupsen/logrus"
+ oscaps "github.com/syndtr/gocapability/capability"
 )
 
 var _ = Describe("Config", func() {
@@ -847,6 +848,28 @@ env=["foo=bar"]`
 gomega.Expect(config.Containers.EnableLabeledUsers).To(gomega.BeTrue())
 })
 
+ It("HomeDirTest", func() {
+ oldHOMEDIR, set := os.LookupEnv("HOME")
+ dir, err := os.MkdirTemp("", "configTest")
+ gomega.Expect(err).ToNot(gomega.HaveOccurred())
+ defer os.RemoveAll(dir)
+ os.Chmod(dir, 0o000)
+ caps, err := oscaps.NewPid2(0)
+ gomega.Expect(err).ToNot(gomega.HaveOccurred())
+ caps.Unset(oscaps.EFFECTIVE, oscaps.CAP_DAC_OVERRIDE)
+ defer caps.Set(oscaps.EFFECTIVE, oscaps.CAP_DAC_OVERRIDE)
+
+ os.Setenv("HOME", dir)
+ _, err = defaultConfig()
+ gomega.Expect(err).ToNot(gomega.HaveOccurred())
+
+ if set {
+ os.Setenv("HOME", oldHOMEDIR)
+ } else {
+ os.Unsetenv("HOME")
+ }
+ })
+
 It("ParsePullPolicy", func() {
 for _, test := range []struct {
 value string
diff --git a/pkg/config/default.go b/pkg/config/default.go
index 311b090b9..0d69fe562 100644
--- a/pkg/config/default.go
+++ b/pkg/config/default.go
@@ -3,6 +3,7 @@ package config
 import (
 "errors"
 "fmt"
+ "io/fs"
 "net"
 "os"
 "path/filepath"
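Review bot: The capability drop in the `HomeDirTest` spec of config_test.go most likely never takes effect. As far as the gocapability API goes, `NewPid2` returns an unloaded set and `Unset`/`Set` only edit it in memory, so without a `Load` before and an `Apply` after the `Unset` the process keeps `CAP_DAC_OVERRIDE`, and a root run can still read the `0o000` directory. The spec can therefore pass without ever reaching the unreadable-home path it is meant to cover. I would add `gomega.Expect(caps.Load()).To(gomega.Succeed())` after `NewPid2(0)` and `gomega.Expect(caps.Apply(oscaps.CAPS)).To(gomega.Succeed())` after the `Unset` (with a matching `Apply` in the deferred restore), and check the currently ignored `os.Chmod` error. The `HOME` restore should also move into a `defer`, so a failed expectation does not leave later specs running with `HOME` pointing at the removed temp directory.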
@@ -188,6 +189,23 @@ const (
 DefaultVolumePluginTimeout = 5
 )
 
+func defaultSigPath() (string, error) {
+ // NOTE: For now we want Windows to use system locations.
+ // GetRootlessUID == -1 on Windows, so exclude negative range
+ if unshare.GetRootlessUID() > 0 {
+ configHome, err := homedir.GetConfigHome()
+ if err == nil {
+ sigPath := filepath.Join(configHome, DefaultRootlessSignaturePolicyPath)
+ if err := fileutils.Exists(sigPath); err == nil {
+ return sigPath, nil
+ }
+ } else if !errors.Is(err, fs.ErrNotExist) {
+ return "", err
+ }
+ }
+ return DefaultSignaturePolicyPath, nil
+}
+
 // defaultConfig returns Config with builtin defaults and minimal adjustments
 // to the current host only. It does not read any config files from the host or
 // the environment.
@@ -197,22 +215,11 @@ func defaultConfig() (*Config, error) {
 return nil, err
 }
 
- defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
- // NOTE: For now we want Windows to use system locations.
- // GetRootlessUID == -1 on Windows, so exclude negative range
- if unshare.GetRootlessUID() > 0 {
- configHome, err := homedir.GetConfigHome()
- if err != nil {
- return nil, err
- }
- sigPath := filepath.Join(configHome, DefaultRootlessSignaturePolicyPath)
- defaultEngineConfig.SignaturePolicyPath = sigPath
- if err := fileutils.Exists(sigPath); err != nil {
- if err := fileutils.Exists(DefaultSignaturePolicyPath); err == nil {
- defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
- }
- }
+ sigPath, err := defaultSigPath()
+ if err != nil {
+ return nil, err
 }
+ defaultEngineConfig.SignaturePolicyPath = sigPath
 
 cgroupNS := "host"
 if cgroup2, _ := cgroupv2.Enabled(); cgroup2 {
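Review bot: In `defaultSigPath`, every error from `fileutils.Exists(sigPath)` is treated as "no per-user policy", so a user policy file that exists but cannot be stat'ed (permissions, I/O error) is silently replaced by `DefaultSignaturePolicyPath`. This path selects the image signature verification policy, so a silent switch to the system-wide file can change what gets accepted without any signal to the user. The function already separates `fs.ErrNotExist` from other errors for `GetConfigHome`; the same split on the `Exists` result, at least logging the non-`fs.ErrNotExist` case, would make the fallback visible. A doc comment such as `// defaultSigPath returns the per-user signature policy path for rootless users when that file exists, otherwise DefaultSignaturePolicyPath.` would also record the lookup order.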
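Review bot: For a rootless user with neither policy file present, this call now yields `DefaultSignaturePolicyPath`, whereas the removed lines left `SignaturePolicyPath` at the per-user path in that case. If the change is intended it deserves a sentence in the `defaultConfig` doc comment or the commit message, since the configured path is presumably what later errors point the user to. If it is not intended, `defaultSigPath` needs to return `sigPath` when the system file is also missing. `defaultConfig` continues past the end of the hunk.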