Prefer runtime options for PluginInfo request

[jfernandez]

Previously, PluginInfo was called with task options as the primary value, resulting in opts.BinaryName being omitted. Consequently, the containerd-shim-runc-v2 fell back to the system's runc binary in the PATH rather than the explicitly specified one. This change inverts the option fallback by preferring runtime options over task options, ensuring the correct binary is used for the PluginInfo request.

At Netflix, we maintain runc in both /usr/bin (which lacks support for user namespaces) and at a custom path. This issue surfaced when enabling user namespaces and encountering the error:

Error: failed to create containerd task: failed to validate OCI runtime
       features: idmap mounts not supported: missing `mountExtensions.idmap`
       entry in the `features` command

Although the features command for runc at our custom path confirmed that mountExtensions.idmap was enabled, the issue arose because opts.BinaryName was blank in the shim code (see:
https://github.com/containerd/containerd/blob/main/cmd/containerd-shim-runc-v2/manager/manager_linux.go#L345), triggering a fallback to the default runc binary at /usr/bin.

Closes: #11169

[k8s-ci-robot]

Hi @jfernandez. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[djdongjin]

/ok-to-test

[djdongjin]

/retest

[AkihiroSuda]

Thanks

[AkihiroSuda]

Would it be possible to have an integration test?

[djdongjin]

LGTM

[jfernandez]

Would it be possible to have an integration test?

Could you give me a code hint about where you'd drop the integration test for this? Or should I create a new file?

[jfernandez]

@AkihiroSuda, I attempted to write an integration test, but I'm facing a challenge. To verify the behavior, I need to set up the following in the test:

1. Remove runc from the PATH.
2. Place runc at a custom path.
3. Call TaskManager.Create in the integration test.
4. Verify that there isn't an error indicating that the shim could not find the runc binary.

I'm not entirely sure how to accomplish steps 1 and 2. If you have any suggestions for a simpler way to test this, please let me know. Otherwise, I would prefer to proceed with the PR as is, and then circle back to add better test coverage to this part of the codebase.

[AkihiroSuda]

Let's merge this for now

[AkihiroSuda]

/cherry-pick release/2.0

[k8s-infra-cherrypick-robot]

@AkihiroSuda: new pull request created: #11446

Details

In response to this:

/cherry-pick release/2.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.