rootless: fix open /etc/docker/plugins: permission denied

Fix issue 47436 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit d742659877) Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-01-11 18:51:37 +00:00 · 2024-03-14 14:32:01 +09:00
parent 5901652edd
commit 81ad7062f0
1 changed files with 10 additions and 2 deletions
--- a/pkg/plugins/discovery.go
+++ b/pkg/plugins/discovery.go
@@ -10,6 +10,8 @@ import (
 	"strings"
 	"sync"

+	"github.com/containerd/containerd/pkg/userns"
+	"github.com/containerd/log"
 	"github.com/pkg/errors"
 )

@@ -56,10 +58,16 @@ func (l *LocalRegistry) Scan() ([]string, error) {

 	for _, p := range l.specsPaths {
 		dirEntries, err = os.ReadDir(p)
-		if err != nil && !os.IsNotExist(err) {
+		if err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			if os.IsPermission(err) && userns.RunningInUserNS() {
+				log.L.Debug(err.Error())
+				continue
+			}
 			return nil, errors.Wrap(err, "error reading dir entries")
 		}
-
 		for _, entry := range dirEntries {
 			if entry.IsDir() {
 				infos, err := os.ReadDir(filepath.Join(p, entry.Name()))