author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-14 20:32:12 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-15 10:39:23 +0100 |
commit | 592a2fd544d550a310c7fec2357bad3a00326486 (patch) | |
tree | 583e61314f2a7dae5c096a004fb624833d8a15fc | |
parent | 39859850aec4d0d3fe8bcf7804f6f02a245e2b6e (diff) | |
rootless: use /tmp/libpod-rundir-$EUID for fallback
When the fallback is in place, the first user creating /tmp/user/$EUID
prevents other users from creating other directories since /tmp/user is
created with mode 0700.
Since there is no way for an unprivileged user to initialize the
/tmp/user directory correctly (we would need it to be owned by root
with the sticky bit set), let's just use /tmp/libpod-rundir-$EUID.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | pkg/util/utils.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index d7e1ddd38..73dddf2ac 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -190,15 +190,15 @@ func GetRootlessRuntimeDir() (string, error) {
 tmpDir := filepath.Join("/run", "user", uid)
 os.MkdirAll(tmpDir, 0700)
 st, err := os.Stat(tmpDir)
- if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 {
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
 runtimeDir = tmpDir
 }
 }
 if runtimeDir == "" {
- tmpDir := filepath.Join(os.TempDir(), "user", uid)
+ tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("libpod-rundir-%s", uid))
 os.MkdirAll(tmpDir, 0700)
 st, err := os.Stat(tmpDir)
- if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
+ if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
 runtimeDir = tmpDir
 }
 } |
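Review bot: The fallback block validates the new `/tmp/libpod-rundir-$EUID` path with `os.Stat`, which follows symlinks, so the owner and mode test is applied to whatever the path resolves to and not to the entry in the world-writable temp directory itself. Because the name is predictable, a pre-existing entry that is not a real directory should be rejected: use `st, err := os.Lstat(tmpDir)` and add `st.IsDir()` to the condition. The return value of `os.MkdirAll(tmpDir, 0700)` is discarded, which is only safe because of the verification that follows; a short comment saying so (`// MkdirAll may fail or find an existing entry; ownership, type and mode are verified below`) would keep a later edit from weakening the check. What happens when runtimeDir stays empty is decided outside this hunk, so it is worth confirming that the caller fails closed there.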