rootful: do not set XDG_RUNTIME_DIR for cni plugins

The dnsname plugin tries to use XDG_RUNTIME_DIR to store files.
podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use
it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process
for rootful users. This causes issues since the cleanup process is spawned
by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run.

Because of it dnsname will not find the config files and cannot correctly
cleanup.
To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as
rootful.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/libpod/network/cni/cni_exec.go b/libpod/network/cni/cni_exec.go
index c4d7f49f7..ae857bcfb 100644
--- a/libpod/network/cni/cni_exec.go
+++ b/libpod/network/cni/cni_exec.go
@@ -30,6 +30,7 @@ import (
 
 	"github.com/containernetworking/cni/pkg/invoke"
 	"github.com/containernetworking/cni/pkg/version"
+	"github.com/containers/podman/v3/pkg/rootless"
 )
 
 type cniExec struct {
@@ -67,6 +68,17 @@ func (e *cniExec) ExecPlugin(ctx context.Context, pluginPath string, stdinData [
 	c.Stdout = stdout
 	c.Stderr = stderr
 
+	// The dnsname plugin tries to use XDG_RUNTIME_DIR to store files.
+	// podman run will have XDG_RUNTIME_DIR set and thus the cni plugin can use
+	// it. The problem is that XDG_RUNTIME_DIR is unset for the conmon process
+	// for rootful users. This causes issues since the cleanup process is spawned
+	// by conmon and thus not have XDG_RUNTIME_DIR set to same value as podman run.
+	// Because of it dnsname will not find the config files and cannot correctly cleanup.
+	// To fix this we should also unset XDG_RUNTIME_DIR for the cni plugins as rootful.
+	if !rootless.IsRootless() {
+		c.Env = append(c.Env, "XDG_RUNTIME_DIR=")
+	}
+
 	err := c.Run()
 	if err != nil {
 		return nil, annotatePluginError(err, pluginPath, stdout.Bytes(), stderr.Bytes())