From 9ebdbd9d9d63333b4929cea73f9d6ed391c1cd59 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 16 Feb 2023 14:32:05 +0100
Subject: [PATCH] options: reject empty runroot or graphroot

make sure that the runroot and graphroot are not empty otherwise we will
end up using an empty directory as path prefix and create files in the
current directory.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 types/options.go | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

Index: golang-github-containers-storage/types/options.go
===================================================================
--- golang-github-containers-storage.orig/types/options.go
+++ golang-github-containers-storage/types/options.go
@@ -142,20 +142,24 @@ func defaultStoreOptionsIsolated(rootles
 			}
 		}
 	}
-	if storageOpts.RunRoot != "" {
-		runRoot, err := expandEnvPath(storageOpts.RunRoot, rootlessUID)
-		if err != nil {
-			return storageOpts, err
-		}
-		storageOpts.RunRoot = runRoot
+	if storageOpts.RunRoot == "" {
+		return storageOpts, fmt.Errorf("runroot must be set")
 	}
-	if storageOpts.GraphRoot != "" {
-		graphRoot, err := expandEnvPath(storageOpts.GraphRoot, rootlessUID)
-		if err != nil {
-			return storageOpts, err
-		}
-		storageOpts.GraphRoot = graphRoot
+	runRoot, err := expandEnvPath(storageOpts.RunRoot, rootlessUID)
+	if err != nil {
+		return storageOpts, err
+	}
+	storageOpts.RunRoot = runRoot
+
+	if storageOpts.GraphRoot == "" {
+		return storageOpts, fmt.Errorf("graphroot must be set")
+	}
+	graphRoot, err := expandEnvPath(storageOpts.GraphRoot, rootlessUID)
+	if err != nil {
+		return storageOpts, err
 	}
+	storageOpts.GraphRoot = graphRoot
+
 	if storageOpts.RootlessStoragePath != "" {
 		storagePath, err := expandEnvPath(storageOpts.RootlessStoragePath, rootlessUID)
 		if err != nil {