fix: correct bugs found during codebase audit

- Use annotHypervisor instead of annotType in isRunning()

- Remove nil error wrapping in run.go

- Fix potential nil-deref on consoleFile in rootfs.go

- Use errors.Is() for sentinel error comparison

- Propagate errors in getInitPid instead of swallowing

- Propagate error in deleteAllTCFilters

Signed-off-by: vinayakjeet <vinayakjeetog@gmail.com>

Author: vinayakjeet

cmd/urunc/run.go

@@ -16,7 +16,6 @@ package main
 
 import (
 	"context"
-	"fmt"
 	"os"
 
 	"github.com/sirupsen/logrus"
@@ -75,6 +74,6 @@ var runCommand = &cli.Command{
 		if err := startUnikontainer(cmd); err != nil {
 			return err
 		}
-		return fmt.Errorf("urunc run failed: %w", nil)
+		return nil
 	},
 }

pkg/network/network.go

@@ -387,7 +387,7 @@ func deleteAllTCFilters(device netlink.Link) error {
 	parent := uint32(netlink.HANDLE_ROOT)
 	tapFilters, err := netlink.FilterList(device, parent)
 	if err != nil {
-		return nil
+		return err
 	}
 	allFilters = append(allFilters, tapFilters...)
 	device, err = discoverContainerIface()

pkg/unikontainers/rootfs.go

@@ -446,16 +446,16 @@ func prepareMonRootfs(monRootfs string, monitorPath string, monitorDataPath stri
 
 	// Create /dev/console file
 	consolePath := filepath.Join(monRootfs, "/dev/console")
-	consoleFile, err := os.Create(consolePath)
-	if err != nil && !os.IsExist(err) {
+	consoleFile, err := os.OpenFile(consolePath, os.O_CREATE|os.O_WRONLY, 0o666)
+	if err != nil {
 		return fmt.Errorf("failed to create /dev/console: %w", err)
 	}
+	defer consoleFile.Close()
+
 	// Ensure correct permissions
 	if err := consoleFile.Chmod(0o666); err != nil {
-		consoleFile.Close()
 		return fmt.Errorf("failed to chmod /dev/console: %w", err)
 	}
-	consoleFile.Close()
 
 	return nil
 }

pkg/unikontainers/unikontainers.go

@@ -443,7 +443,8 @@ func (u *Unikontainer) Exec(metrics m.Writer) error {
 
 	// unikernel
 	err = unikernel.Init(unikernelParams)
-	if err == unikernels.ErrUndefinedVersion || err == unikernels.ErrVersionParsing {
+	if errors.Is(err, unikernels.ErrUndefinedVersion) ||
+		errors.Is(err, unikernels.ErrVersionParsing) {
 		uniklog.WithError(err).Error("an error occurred while initializing the unikernel")
 	} else if err != nil {
 		return err
@@ -1146,7 +1147,7 @@ func (u *Unikontainer) SendMessage(message IPCMessage) error {
 
 // isRunning returns true if the PID is alive or hedge.ListVMs returns our containerID
 func (u *Unikontainer) isRunning() bool {
-	vmmType := hypervisors.VmmType(u.State.Annotations[annotType])
+	vmmType := hypervisors.VmmType(u.State.Annotations[annotHypervisor])
 	if vmmType != hypervisors.HedgeVmm {
 		return syscall.Kill(u.State.Pid, syscall.Signal(0)) == nil
 	}

pkg/unikontainers/utils.go

@@ -57,7 +57,6 @@ func getInitPid(filePath string) (float64, error) {
 	decoder := json.NewDecoder(file)
 	if err := decoder.Decode(&jsonData); err != nil {
 		return 0, nil
-
 	}
 
 	// Extract the specific value "init_process_pid"