From 6c6a8654363457a9638d58265d0a7e8743575d7a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 15 Mar 2019 22:50:15 +0100
Subject: rootless: change default path for conmon.pid

We cannot use the RunDir for writing the conmon.pid file as we might
not be able to read it before we join a namespace, since it is owned
by the root in the container which can be a different uid when using
uidmap.  To avoid completely the issue, we will just write it to the
static dir which is always readable by the unprivileged user.

Closes: https://github.com/containers/libpod/issues/2673

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/runtime_ctr.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index c6f119913..3b74a65dd 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -171,7 +171,7 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 	}()
 
 	if rootless.IsRootless() && ctr.config.ConmonPidFile == "" {
-		ctr.config.ConmonPidFile = filepath.Join(ctr.state.RunDir, "conmon.pid")
+		ctr.config.ConmonPidFile = filepath.Join(ctr.config.StaticDir, "conmon.pid")
 	}
 
 	// Go through the volume mounts and check for named volumes
-- 
cgit v1.2.3-54-g00ecf