Fix: Auto-detect unprivileged user and use XDG_RUNTIME_DIR for default root by sidneychang · Pull Request #465 · urunc-dev/urunc

sidneychang · 2026-02-09T04:28:45Z

Description

This change mirrors runc’s behavior when running as a non-root user (or as root inside a user namespace). In these cases, the runtime now automatically falls back to using $XDG_RUNTIME_DIR as the default runtime root, instead of requiring callers to explicitly pass --root.

By honoring $XDG_RUNTIME_DIR by default in these environments, urunc now aligns with runc’s behavior and integrates more smoothly with Podman.

Related issues

Fixes Check integration of urunc with podman #114

How was this tested?

LLM usage

N/A

Checklist

I have read the contribution guide.
The linter passes locally (make lint).
The e2e tests of at least one tool pass locally (make test_ctr, make test_nerdctl, make test_docker, make test_crictl).
If LLMs were used: I have read the llm policy.

netlify · 2026-02-09T04:28:52Z

✅ Deploy Preview for urunc canceled.

Name	Link
🔨 Latest commit	`a1b89e5`
🔍 Latest deploy log	https://app.netlify.com/projects/urunc/deploys/6998859e495b4100082648e5

cmainas · 2026-02-09T12:43:32Z

Hello @sidneychang ,

thank you for this PR. The idea looks good, but maybe we could make use of urunc;s configuration instead of the XDG_RUNTIME_DIR for easier configuration. Let;s iterate over it in the podman issue first #114

cmainas

Thank you @sidneychang for this addition. I have added a few comments to slightly improve the code.

cmainas · 2026-02-18T14:32:45Z

pkg/rootless/rootless.go

+// for the default root directory (e.g. /run/user/UID/runc instead of /run/urunc).
+// It returns true for non-root processes and for root inside a user namespace
+// when not running as the "root" user (e.g. rootless Podman).
+func ShouldHonorXDGRuntimeDir() bool {


Let's add this function in https://github.com/urunc-dev/urunc/blob/main/cmd/urunc/utils.go to avoid creating a new package.

cmainas · 2026-02-18T14:38:43Z

cmd/urunc/main.go


 func main() {
 	root := "/run/urunc"
+	xdgDirUsed := false


We can move this code inside the if !cmd.IsSet("root") statement and then perform the check if we should use the XDG_RUNTME_DIR

cmainas · 2026-02-18T14:39:08Z

cmd/urunc/main.go

+				// auto-pruned.
+				if err := os.MkdirAll(root, 0o700); err != nil {
+					fmt.Fprintln(os.Stderr, "the path in $XDG_RUNTIME_DIR must be writable by the user")
+					fatal(err)


Avoid using fatal. Return the error instead.

cmainas · 2026-02-18T14:39:16Z

cmd/urunc/main.go

+				}
+				if err := os.Chmod(root, os.FileMode(0o700)|os.ModeSticky); err != nil {
+					fmt.Fprintln(os.Stderr, "you should check permission of the path in $XDG_RUNTIME_DIR")
+					fatal(err)


Avoid using fatal. Return the error instead.

cmainas · 2026-02-18T14:40:45Z

cmd/urunc/main.go

 		},
 		Before: func(_ context.Context, cmd *cli.Command) (context.Context, error) {
+			if !cmd.IsSet("root") && xdgDirUsed {
+				// According to the XDG specification, we need to set anything in


We can move the XDG_RUNTIME_DIR preparation in a single small function.

sidneychang · 2026-02-20T07:47:07Z

Hi @cmainas,

Thanks for the review — all comments have been addressed.

cmainas · 2026-02-20T14:43:46Z

Thank you @sidneychang for the changes. Could you rebase over the main branch, so we can merge it?

sidneychang · 2026-02-20T14:50:38Z

Hi @cmainas,
I’ve rebased the branch on top of main.

cmainas · 2026-02-20T15:38:48Z

Thank you @sidneychang , would it be possible to rebase once more, just to be on the safe side?

Mirror runc behavior: when running as non-root (or root inside a user namespace), honor $XDG_RUNTIME_DIR for the default runtime root so callers do not need to pass --root. Signed-off-by: sidneychang <2190206983@qq.com>

cmainas · 2026-02-20T15:59:51Z

To fix the linter issue with spelling, you will need to add the word userns in https://github.com/urunc-dev/urunc/blob/main/.github/linters/urunc-dict.txt

sidneychang · 2026-02-20T16:03:34Z

Hi @cmainas,

The other CI checks look good, but cspell was failing due to userns being flagged as an unknown word, so I’ve added it to urunc-dict.txt.

There’s also a failure in TestNerdctl/Hvt-mirage-net:
Failed test: ping failed: failed to create Pinger: addr cannot be empty
I’m not sure why this is happening, as this PR doesn’t modify any network-related logic. Could we try re-running the CI to see if it was transient?

cmainas

Thank you @sidneychang for this addition!

PR: #465 Mirror runc behavior: when running as non-root (or root inside a user namespace), honor $XDG_RUNTIME_DIR for the default runtime root so callers do not need to pass --root. Signed-off-by: sidneychang <2190206983@qq.com> Reviewed-by: Charalampos Mainas <cmainas@nubificus.co.uk> Approved-by: Charalampos Mainas <cmainas@nubificus.co.uk>

sidneychang mentioned this pull request Feb 9, 2026

Check integration of urunc with podman #114

Open

cmainas requested changes Feb 18, 2026

View reviewed changes

cmainas added the ok-to-test label Feb 18, 2026

sidneychang force-pushed the set_root_auto branch 2 times, most recently from 9b6dac5 to 248a6c6 Compare February 20, 2026 07:42

sidneychang force-pushed the set_root_auto branch from 248a6c6 to aa45041 Compare February 20, 2026 14:41

sidneychang force-pushed the set_root_auto branch 2 times, most recently from f1bab24 to a8ceeb2 Compare February 20, 2026 14:46

sidneychang force-pushed the set_root_auto branch from a8ceeb2 to 441b801 Compare February 20, 2026 15:42

fix: use XDG_RUNTIME_DIR for default root

a1b89e5

Mirror runc behavior: when running as non-root (or root inside a user namespace), honor $XDG_RUNTIME_DIR for the default runtime root so callers do not need to pass --root. Signed-off-by: sidneychang <2190206983@qq.com>

sidneychang force-pushed the set_root_auto branch from 441b801 to a1b89e5 Compare February 20, 2026 16:02

cmainas added the takeover label Feb 20, 2026

urunc-bot bot changed the base branch from main to main-pr465 February 20, 2026 16:16

cmainas approved these changes Feb 20, 2026

View reviewed changes

cmainas merged commit 18845e0 into urunc-dev:main-pr465 Feb 20, 2026
34 checks passed

Conversation

sidneychang commented Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Related issues

How was this tested?

LLM usage

Checklist

Uh oh!

netlify bot commented Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for urunc canceled.

Uh oh!

cmainas commented Feb 9, 2026

Uh oh!

cmainas left a comment

Choose a reason for hiding this comment

Uh oh!

cmainas Feb 18, 2026

Choose a reason for hiding this comment

Uh oh!

cmainas Feb 18, 2026

Choose a reason for hiding this comment

Uh oh!

cmainas Feb 18, 2026

Choose a reason for hiding this comment

Uh oh!

cmainas Feb 18, 2026

Choose a reason for hiding this comment

Uh oh!

cmainas Feb 18, 2026

Choose a reason for hiding this comment

Uh oh!

sidneychang commented Feb 20, 2026

Uh oh!

cmainas commented Feb 20, 2026

Uh oh!

sidneychang commented Feb 20, 2026

Uh oh!

cmainas commented Feb 20, 2026

Uh oh!

cmainas commented Feb 20, 2026

Uh oh!

sidneychang commented Feb 20, 2026

Uh oh!

cmainas left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Comments

sidneychang commented Feb 9, 2026 •

edited

Loading

netlify bot commented Feb 9, 2026 •

edited

Loading