fix(buildah): Buildah mode autodetection

Author: ilya-lesikov

cmd/werf/common/container_runtime.go

@@ -38,10 +38,8 @@ func GetBuildahMode() (*buildah.Mode, *thirdparty.Isolation, error) {
 	modeRaw := os.Getenv("WERF_BUILDAH_MODE")
 	switch modeRaw {
 	case "native-rootless":
-		if isInContainer, err := util.IsInContainer(); err != nil {
-			return nil, nil, fmt.Errorf("unable to determine if is in container: %s", err)
-		} else if isInContainer {
-			return nil, nil, fmt.Errorf("native rootless mode is not available in containers: %s", err)
+		if util.IsInContainer() {
+			return nil, nil, fmt.Errorf("native rootless mode is not available in containers")
 		}
 		mode = buildah.ModeNative
 		isolation = thirdparty.IsolationOCIRootless

pkg/buildah/common.go

@@ -183,23 +183,18 @@ func GetOverlayOptions() ([]string, error) {
 
 	result := []string{fmt.Sprintf("overlay.mount_program=%s", fuseOverlayBinPath)}
 
-	if isInContainer, err := util.IsInContainer(); err != nil {
-		return nil, fmt.Errorf("unable to determine whether we are in the container: %s", err)
-	} else if isInContainer {
+	if util.IsInContainer() {
 		result = append(result, fmt.Sprintf("overlay.mountopt=%s", "nodev,fsync=0"))
 	}
 
 	return result, nil
 }
 
 func GetDefaultIsolation() (thirdparty.Isolation, error) {
-	if isInContainer, err := util.IsInContainer(); err != nil {
-		return 0, fmt.Errorf("unable to determine if is in container: %s", err)
-	} else if isInContainer {
+	if util.IsInContainer() {
 		return thirdparty.IsolationChroot, nil
-	} else {
-		return thirdparty.IsolationOCIRootless, nil
 	}
+	return thirdparty.IsolationOCIRootless, nil
 }
 
 func debug() bool {

pkg/util/linux_container.go

@@ -3,6 +3,7 @@ package util
 import (
 	"context"
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -36,18 +37,22 @@ func ToLinuxContainerPath(path string) string {
 	)
 }
 
-func IsInContainer() (bool, error) {
-	if dockerEnvExist, err := RegularFileExists("/.dockerenv"); err != nil {
-		return false, fmt.Errorf("unable to check for /.dockerenv existence: %s", err)
-	} else if dockerEnvExist {
-		return true, nil
+func IsInContainer() bool {
+	// Docker-daemon
+	if isInContainer, err := RegularFileExists("/.dockerenv"); err == nil && isInContainer {
+		return true
 	}
 
-	if containerEnvExist, err := RegularFileExists("/run/.containerenv"); err != nil {
-		return false, fmt.Errorf("unable to check for /run/.containerenv existence: %s", err)
-	} else if containerEnvExist {
-		return true, nil
+	// Podman, CRI-O
+	if isInContainer, err := RegularFileExists("/run/.containerenv"); err == nil && isInContainer {
+		return true
 	}
 
-	return false, nil
+	// containerd without Docker-daemon
+	if cgroupsData, err := os.ReadFile("/proc/1/cgroup"); err == nil &&
+		strings.Contains(string(cgroupsData), "/cri-containerd-") {
+		return true
+	}
+
+	return false
 }