From 2d6252b98a94482346cc8dd16f97b4c59d16dc4d Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 28 Oct 2021 11:18:48 +0200
Subject: runtime: change PID existence check

commit 6b3b0a17c625bdf71b0ec8b783b288886d8e48d7 introduced a check for
the PID file before attempting to move the PID to a new scope.

This is still vulnerable to a TOCTOU race condition, though, since the
PID file can be removed or the process killed after the check has
succeeded but before its result is used.

Closes: https://github.com/containers/podman/issues/12065

[NO NEW TESTS NEEDED] it fixes a CI flake

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/runtime.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)


diff --git a/libpod/runtime.go b/libpod/runtime.go
index a99f55fb3..a208b6db4 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -543,9 +543,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
 			if became {
 				// Check if the pause process was created.  If it was created, then
 				// move it to its own systemd scope.
-				if _, err = os.Stat(pausePid); err == nil {
-					utils.MovePauseProcessToScope(pausePid)
-				}
+				utils.MovePauseProcessToScope(pausePid)
 				os.Exit(ret)
 			}
 		}
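Review bot: The comment kept above the call ("Check if the pause process was created. If it was created, then move it...") is now stale, because the new code no longer checks anything and calls `utils.MovePauseProcessToScope(pausePid)` unconditionally. I would reword it to something like `// Move the pause process to its own systemd scope. No pre-check is done here: the helper must tolerate a missing PID file or an exited process.` Dropping the `os.Stat` is the right way to close the check-then-use window, but it moves the whole burden onto the helper, whose body is not visible in this hunk. The call site discards any result, so it is worth confirming that the helper treats a missing file or dead PID as a benign, logged condition. It is also worth confirming that the helper acts only on a PID it has just read, so that a recycled PID does not get an unrelated process moved into the scope. `makeRuntime` starts and ends outside the hunk.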
-- 
cgit v1.2.3-54-g00ecf