From 0f7550c39e2eef551192501381f0bbcf041ddee1 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 10 Jul 2024 10:12:36 +0200
Subject: [PATCH] libpod: run conmon from the persist directory

conmon creates a "oom" file inside the current working directory when
an OOM event happens in the cgroup.  Run conmon from the persist
directory so it doesn't leak files in the directory where Podman runs.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/oci_conmon_common.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libpod/oci_conmon_common.go b/libpod/oci_conmon_common.go
index c32fba46e2..5589a7da1f 100644
--- a/libpod/oci_conmon_common.go
+++ b/libpod/oci_conmon_common.go
@@ -1197,6 +1197,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
+	cmd.Dir = persistDir
 	if ctr.Terminal() {
 		cmd.Stderr = &stderrBuf
 	}