list: fix IsSet check for global root flag

[RedMakeUp]

Summary

Fix runc list erroring with open /run/runc: no such file or directory when the default root directory doesn't exist (i.e., no containers have been created yet).

Two bugs in list.go getContainers():

• Wrong method: context.IsSet("root") always returns false in subcommand context because root is a global flag. Use context.GlobalIsSet("root") instead.
• Inverted logic: The condition should be !context.GlobalIsSet("root") — ignore a non-existing default root directory, but report error for an explicitly set non-existent --root.

Fixes #5203

Test plan

Added two integration tests in tests/integration/list.bats:

• list with non-existent default root succeeds — backs up and removes /run/runc, then runs ROOT="" runc list (which goes through the standard wrapper without --root) to verify the fix returns an empty result instead of erroring.
• list with empty default root succeeds — ensures runc list works correctly when the default root exists but contains no containers.

Both tests skip for rootless (the default root /run/runc is only used as real root; rootless uses $XDG_RUNTIME_DIR/runc instead, which is auto-created by app.Before).

Verified locally:

• All three tests pass with the fix
• list with non-existent default root succeeds fails without the fix

Signed-off-by: RedMakeUp girafeeblue@gmail.com

[kolyshkin]

1. nit: use [ not [[ here I guess.
2. Does this test actually runs in some of our CI?

[cyphar]

This whole PR seems LLM-generated so I wouldn't be surprised that it didn't check if the test actually runs. 🤷

[RedMakeUp]

Thanks for your review firstly. I did use an LLM to assist with drafting parts of the testcase! However, I want to clarify that the fix itself, the bug, and the testcase are 100% real and based on a strict production environment I am currently working with.
My Scenario
I am currently upgrading my stack (runc 1.1.2 -> 1.3.4, containerd 1.7.14 -> 1.7.30, kubelet 1.29.3-> 1.32.11)

• standalone kubelet: I run a standalone kubelet with static pods only (no apiserver), using HostNetwork and HostPID for control plane services.
• Direct runc Usage: To reduce memory overhead from containerd-shim, I bypass containerd and invoke runc directly to run VM images.
• Almost everything is under the root user: non-root users can not access my env

The actual problem is that, in my control plane services, I use runc list --format json to list current VMs.
In runc 1.1.2, if no containers were running yet (and thus the default /run/runc didn't exist), it safely returned null and exited 0.
In runc 1.3.4, it throws an error and breaks my workflow.

So I unset the rootless (XDG_RUNTIME_DIR) aspect and the setup_bundle behavior, because I don't care about them in my services, not I blindly rely on the LLM.

I'll rework and adjust the testcase based on your suggestions.

[RedMakeUp]

• nit: use [ not [[ here I guess.
• Does this test actually runs in some of our CI?

1. Done, switched to [.
2. In the previous version, the test would skip when /run/runc exists, which could happen in CI. I considered a few approaches:
   • Go unit test (like notify_socket_test.go): deterministic, but felt out of place for a one-off case.
   • unshare -m with a fresh tmpfs on /run: guarantees /run/runc doesn't exist, but adds complexity .
   • Backup and remove /run/runc: simple, uses the standard runc wrapper, and teardown() guarantees restoration even if the test fails.

Went with the third approach. The test now runs in all root CI rounds, and skips only for rootless where this bug doesn't apply (rootless uses $XDG_RUNTIME_DIR/runc which is auto-created by app.Before).

[kolyshkin]

I think you can just use runc list here.

[cyphar]

We auto-set ROOT (and thus add --root $ROOT) for all of our tests in setup_bundle, and that would break this test AFAICS. (Actually, I'm a little surprised we do that -- I thought we only did this for the rootless tests...)

I think we should test the XDG_RUNTIME_DIR case properly though...

[kolyshkin]

I'd add a comment telling that we use sane_run $RUNC to avoid passing --root here.

[RedMakeUp]

We auto-set ROOT (and thus add --root $ROOT) for all of our tests in setup_bundle, and that would break this test AFAICS. (Actually, I'm a little surprised we do that -- I thought we only did this for the rootless tests...)

I think we should test the XDG_RUNTIME_DIR case properly though...

Resolved the setup_bundle issue by using ROOT="" runc list — empty ROOT makes setup_runc_cmdline skip adding --root, so runc uses the default /run/runc. I looked into testing the XDG_RUNTIME_DIR path, but this bug is actually not reachable there:

• As real root, shouldHonorXDGRuntimeDir() returns false, so XDG_RUNTIME_DIR is ignored entirely.
• As rootless, app.Before auto-creates $XDG_RUNTIME_DIR/runc via MkdirAll, so os.ReadDir never hits ErrNotExist.

So the tests skip for rootless with a comment explaining this.

[RedMakeUp]

I'd add a comment telling that we use sane_run $RUNC to avoid passing --root here.

I found ROOT="" runc list can also work to avoid passing --root, so I've changed to that based on your previous comment. But I wonder which one is better

[kolyshkin]

ditto

[RedMakeUp]

Done

[kolyshkin]

ditto

[RedMakeUp]

Done

[kolyshkin]

Suggested change

	[ "$(id -u)" -eq 0 ] || skip "requires real root"
	requires root

[RedMakeUp]

Done

[kolyshkin]

The test in this PR (which modifies /root/runc) should benefit from the feature from #5212, so if that one is approved and merged, the test here needs to add require unsafe.

[RedMakeUp]

The test in this PR (which modifies /root/runc) should benefit from the feature from #5212, so if that one is approved and merged, the test here needs to add require unsafe.

That sounds great!