Merge pull request #44733 from jg-public/fix-rootless-specspaths--T43111

Use user data path for plugin discovery in rootless mode

cmd/dockerd/config_unix.go

@@ -10,8 +10,8 @@ import (
 	"github.com/docker/docker/daemon/config"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/pkg/rootless"
 	"github.com/docker/docker/registry"
-	"github.com/docker/docker/rootless"
 	"github.com/spf13/pflag"
 )
 

cmd/dockerd/daemon.go

@@ -46,10 +46,10 @@ import (
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/pidfile"
 	"github.com/docker/docker/pkg/plugingetter"
+	"github.com/docker/docker/pkg/rootless"
 	"github.com/docker/docker/pkg/sysinfo"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/docker/plugin"
-	"github.com/docker/docker/rootless"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/moby/buildkit/session"

cmd/dockerd/docker.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/reexec"
-	"github.com/docker/docker/rootless"
+	"github.com/docker/docker/pkg/rootless"
 	"github.com/moby/buildkit/util/apicaps"
 	"github.com/moby/term"
 	"github.com/sirupsen/logrus"

daemon/config/config_linux.go

@@ -11,7 +11,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/homedir"
-	"github.com/docker/docker/rootless"
+	"github.com/docker/docker/pkg/rootless"
 	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
 )

daemon/info_unix.go

@@ -12,8 +12,8 @@ import (
 
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/pkg/rootless"
 	"github.com/docker/docker/pkg/sysinfo"
-	"github.com/docker/docker/rootless"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )

daemon/oci_linux.go

@@ -22,8 +22,8 @@ import (
 	"github.com/docker/docker/oci"
 	"github.com/docker/docker/oci/caps"
 	"github.com/docker/docker/pkg/idtools"
+	"github.com/docker/docker/pkg/rootless/specconv"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/rootless/specconv"
 	volumemounts "github.com/docker/docker/volume/mounts"
 	"github.com/moby/sys/mount"
 	"github.com/moby/sys/mountinfo"

libnetwork/iptables/iptables.go

@@ -13,7 +13,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/docker/docker/rootless"
+	"github.com/docker/docker/pkg/rootless"
 	"github.com/sirupsen/logrus"
 )
 

pkg/homedir/homedir_linux.go

@@ -91,3 +91,12 @@ func GetConfigHome() (string, error) {
 	}
 	return filepath.Join(home, ".config"), nil
 }
+
+// GetLibHome returns $HOME/.local/lib
+func GetLibHome() (string, error) {
+	home := os.Getenv("HOME")
+	if home == "" {
+		return "", errors.New("could not get HOME")
+	}
+	return filepath.Join(home, ".local/lib"), nil
+}

pkg/plugins/discovery.go

@@ -49,7 +49,7 @@ func Scan() ([]string, error) {
 		}
 	}
 
-	for _, p := range specsPaths {
+	for _, p := range SpecsPaths() {
 		dirEntries, err := os.ReadDir(p)
 		if err != nil && !os.IsNotExist(err) {
 			return nil, errors.Wrap(err, "error reading dir entries")
@@ -93,7 +93,7 @@ func (l *localRegistry) Plugin(name string) (*Plugin, error) {
 	}
 
 	var txtspecpaths []string
-	for _, p := range specsPaths {
+	for _, p := range SpecsPaths() {
 		txtspecpaths = append(txtspecpaths, pluginPaths(p, name, ".spec")...)
 		txtspecpaths = append(txtspecpaths, pluginPaths(p, name, ".json")...)
 	}

pkg/plugins/discovery_test.go

@@ -13,7 +13,7 @@ func Setup(t *testing.T) (string, func()) {
 	}
 	backup := socketsPath
 	socketsPath = tmpdir
-	specsPaths = []string{tmpdir}
+	globalSpecsPaths = []string{tmpdir}
 
 	return tmpdir, func() {
 		socketsPath = backup

pkg/plugins/discovery_unix.go

@@ -2,5 +2,45 @@
 // +build !windows
 
 package plugins // import "github.com/docker/docker/pkg/plugins"
+import (
+	"path/filepath"
 
-var specsPaths = []string{"/etc/docker/plugins", "/usr/lib/docker/plugins"}
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/pkg/rootless"
+)
+
+const globalConfigPluginsPath = "/etc/docker/plugins"
+const globalLibPluginsPath = "/usr/lib/docker/plugins"
+
+var globalSpecsPaths = []string{globalConfigPluginsPath, globalLibPluginsPath}
+
+func rootlessConfigPluginsPath() string {
+	configHome, err := homedir.GetConfigHome()
+	if err == nil {
+		return filepath.Join(configHome, "docker/plugins")
+	}
+
+	return globalConfigPluginsPath
+}
+
+func rootlessLibPluginsPath() string {
+	libHome, err := homedir.GetLibHome()
+	if err == nil {
+		return filepath.Join(libHome, "docker/plugins")
+	}
+
+	return globalLibPluginsPath
+}
+
+// SpecsPaths returns
+// { "%programdata%\docker\plugins" } on Windows,
+// { "/etc/docker/plugins", "/usr/lib/docker/plugins" } on Unix in non-rootless mode,
+// { "$XDG_CONFIG_HOME/docker/plugins", "$HOME/.local/lib/docker/plugins" } on Unix in rootless mode
+// with fallback to the corresponding path in non-rootless mode if $XDG_CONFIG_HOME or $HOME is not set.
+func SpecsPaths() []string {
+	if rootless.RunningWithRootlessKit() {
+		return []string{rootlessConfigPluginsPath(), rootlessLibPluginsPath()}
+	}
+
+	return globalSpecsPaths
+}

pkg/plugins/discovery_windows.go

@@ -5,4 +5,13 @@ import (
 	"path/filepath"
 )
 
-var specsPaths = []string{filepath.Join(os.Getenv("programdata"), "docker", "plugins")}
+var globalSpecsPaths = []string{filepath.Join(os.Getenv("programdata"), "docker", "plugins")}
+
+// SpecsPaths returns
+// { "%programdata%\docker\plugins" } on Windows,
+// { "/etc/docker/plugins", "/usr/lib/docker/plugins" } on Unix in non-rootless mode,
+// { "$XDG_CONFIG_HOME/docker/plugins", "$HOME/.local/lib/docker/plugins" } on Unix in rootless mode
+// with fallback to the corresponding path in non-rootless mode if $XDG_CONFIG_HOME or $HOME is not set.
+func SpecsPaths() []string {
+	return globalSpecsPaths
+}

rootless/rootless.go → pkg/rootless/rootless.go

@@ -1,4 +1,4 @@
-package rootless // import "github.com/docker/docker/rootless"
+package rootless // import "github.com/docker/docker/pkg/rootless"
 
 import (
 	"os"

rootless/specconv/specconv_linux.go → pkg/rootless/specconv/specconv_linux.go

@@ -1,4 +1,4 @@
-package specconv // import "github.com/docker/docker/rootless/specconv"
+package specconv // import "github.com/docker/docker/pkg/rootless/specconv"
 
 import (
 	"os"