From 45e76e3e68187dfaf4712fd40c5cbafa8820917f Mon Sep 17 00:00:00 2001 From: Ton Sharp <45160296+66Ton99@users.noreply.github.com> Date: Fri, 10 Apr 2026 02:36:28 +0300 Subject: [PATCH 1/2] defaults: use user-writable data root on darwin Signed-off-by: Ton Sharp <45160296+66Ton99@users.noreply.github.com> --- pkg/defaults/defaults_darwin.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkg/defaults/defaults_darwin.go b/pkg/defaults/defaults_darwin.go index 2779a26ec1b..fee07ee8e41 100644 --- a/pkg/defaults/defaults_darwin.go +++ b/pkg/defaults/defaults_darwin.go @@ -20,7 +20,12 @@ package defaults -import gocni "github.com/containerd/go-cni" +import ( + "os" + "path/filepath" + + gocni "github.com/containerd/go-cni" +) const ( AppArmorProfileName = "" @@ -41,6 +46,9 @@ func CNINetConfPath() string { } func DataRoot() string { + if home, err := os.UserHomeDir(); err == nil && home != "" { + return filepath.Join(home, ".local", "share", "nerdctl") + } return "/var/lib/nerdctl" } From a5cdb0d5f609696fd745418c314b319e8e9bc256 Mon Sep 17 00:00:00 2001 From: Anton Shapka Date: Fri, 10 Apr 2026 13:17:18 +0300 Subject: [PATCH 2/2] defaults/darwin: align paths with root and XDG conventions --- pkg/defaults/defaults_darwin.go | 66 ++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 5 deletions(-) diff --git a/pkg/defaults/defaults_darwin.go b/pkg/defaults/defaults_darwin.go index fee07ee8e41..20a8ce21c44 100644 --- a/pkg/defaults/defaults_darwin.go +++ b/pkg/defaults/defaults_darwin.go @@ -16,11 +16,12 @@ // This is a dummy file to allow usage of library functions // on Darwin-based systems. -// All functions and variables are empty/no-ops +// Most functions and variables are stubs/no-ops package defaults import ( + "fmt" "os" "path/filepath" @@ -38,18 +39,24 @@ func CNIPath() string { } func CNIRuntimeDir() (string, error) { + if os.Geteuid() != 0 { + return filepath.Join(xdgRuntimeDir(), "cni"), nil + } return "/var/run/cni", nil } func CNINetConfPath() string { + if os.Geteuid() != 0 { + return filepath.Join(xdgConfigHome(), "cni", "net.d") + } return gocni.DefaultNetDir } func DataRoot() string { - if home, err := os.UserHomeDir(); err == nil && home != "" { - return filepath.Join(home, ".local", "share", "nerdctl") + if os.Geteuid() == 0 { + return "/var/lib/nerdctl" } - return "/var/lib/nerdctl" + return filepath.Join(xdgDataHome(), "nerdctl") } func CgroupManager() string { @@ -61,11 +68,21 @@ func CgroupnsMode() string { } func NerdctlTOML() string { + if os.Geteuid() != 0 { + return filepath.Join(xdgConfigHome(), "nerdctl", "nerdctl.toml") + } return "/etc/nerdctl/nerdctl.toml" } func HostsDirs() []string { - return []string{} + if os.Geteuid() != 0 { + xch := xdgConfigHome() + return []string{ + filepath.Join(xch, "containerd", "certs.d"), + filepath.Join(xch, "docker", "certs.d"), + } + } + return []string{"/etc/containerd/certs.d", "/etc/docker/certs.d"} } func HostGatewayIP() string { @@ -73,5 +90,44 @@ func HostGatewayIP() string { } func CDISpecDirs() []string { + if os.Geteuid() != 0 { + return []string{ + filepath.Join(xdgConfigHome(), "cdi"), + filepath.Join(xdgRuntimeDir(), "cdi"), + } + } return []string{"/etc/cdi", "/var/run/cdi"} } + +func xdgConfigHome() string { + if xch := os.Getenv("XDG_CONFIG_HOME"); xch != "" { + return xch + } + if home := os.Getenv("HOME"); home != "" { + return filepath.Join(home, ".config") + } + if home, err := os.UserHomeDir(); err == nil && home != "" { + return filepath.Join(home, ".config") + } + return "/etc" +} + +func xdgDataHome() string { + if xdh := os.Getenv("XDG_DATA_HOME"); xdh != "" { + return xdh + } + if home := os.Getenv("HOME"); home != "" { + return filepath.Join(home, ".local", "share") + } + if home, err := os.UserHomeDir(); err == nil && home != "" { + return filepath.Join(home, ".local", "share") + } + return "/var/lib" +} + +func xdgRuntimeDir() string { + if xdr := os.Getenv("XDG_RUNTIME_DIR"); xdr != "" { + return xdr + } + return fmt.Sprintf("/run/user/%d", os.Geteuid()) +}