@Yashika0724

Summary

This PR fixes a nil pointer dereference that can occur during container creation when the OCI spec
does not include the linux section, which is valid per the OCI runtime specification.

Several code paths assume Spec.Linux is always present, including FormatNsenterInfo() which is
executed during CREATE. When the field is missing, urunc panics before reaching Exec().

This change adds defensive checks to safely handle optional OCI fields while preserving existing
behavior for valid specs.


Root Cause

The OCI spec defines linux as optional, but the runtime dereferenced Spec.Linux without nil
checks in namespace setup and execution paths, leading to a panic when the field is absent.


Fix Applied

Defensive nil checks were added before dereferencing Spec.Linux in:

• FormatNsenterInfo()
• relevant paths in Exec()
• joinSandboxNetNs()

Valid OCI specs continue to follow the same execution flow.


Impact

• Prevents runtime panics during CREATE
• Improves stability for malformed or incomplete OCI specs
• No change to intended runtime behavior

Signed-off-by: Yashika0724 <ssyashika1311@gmail.com>

netlify bot commented Jan 24, 2026

Deploy Preview for urunc canceled.

Name Link
🔨 Latest commit 0b0ce09
🔍 Latest deploy log https://app.netlify.com/projects/urunc/deploys/6975226ef655c30008ee1239


netlify bot commented Jan 24, 2026

Deploy Preview for urunc ready!

Name Link
🔨 Latest commit baa6733
🔍 Latest deploy log https://app.netlify.com/projects/urunc/deploys/6978817ca055030007ad67ef
😎 Deploy Preview https://deploy-preview-398--urunc.netlify.app


Yashika0724 commented Jan 24, 2026

Hi @cmainas, this PR adds minimal nil checks to prevent a panic when the OCI spec omits the linux field.
The change does not affect behavior for valid specs and only adds defensive guards.
Please let me know if you’d prefer handling this earlier in the lifecycle.
Thanks!


cmainas commented Jan 26, 2026

Hello @Yashika0724,

These changes are in the same context as #396. Therefore, please merge them under one PR. For more information, take a look at the contribution guide.

@Yashika0724

This PR addresses #409.

Summary

The OCI runtime-spec defines linux as an optional, platform-specific field. urunc was
dereferencing Spec.Linux in multiple locations without nil guards, which could cause a panic
if a spec-compliant bundle omits this field.


Changes

  • RootfsPropagation: default to empty string when Linux spec is nil
  • Namespace lookups: skip mount namespace logic when Linux spec is absent
  • joinSandboxNetNs: return ErrNotExistingNS early when Linux spec is nil
  • FormatNsenterInfo: return explicit error when Linux spec is missing

These are defensive checks that improve robustness without changing behavior for existing
workloads.
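
The guards listed above, sketched as an added example (not code from this PR or from urunc): the `Spec`, `Linux` and `Namespace` types are minimal stand-ins for the OCI runtime-spec structs, and `parseSpec`, `rootfsPropagation`, `namespacePath` and `errNoLinux` are hypothetical names. It parses a constructed bundle config with no `linux` section and returns a default or an error where an unguarded `s.Linux.X` would panic.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Stand-ins for the OCI runtime-spec types, constructed for this example (assumption).
type Namespace struct{ Type, Path string } // encoding/json matches keys case-insensitively
type Linux struct {
	RootfsPropagation string      `json:"rootfsPropagation,omitempty"`
	Namespaces        []Namespace `json:"namespaces,omitempty"`
}
type Spec struct {
	Linux *Linux `json:"linux,omitempty"` // pointer: stays nil when the section is absent
}
var errNoLinux = errors.New("OCI spec has no linux section")

// rootfsPropagation defaults to "" when the linux section is missing.
func rootfsPropagation(s *Spec) string {
	if s == nil || s.Linux == nil {
		return ""
	}
	return s.Linux.RootfsPropagation
}

// namespacePath returns the path of the nsType namespace, or an error instead of a panic.
func namespacePath(s *Spec, nsType string) (string, error) {
	if s == nil || s.Linux == nil {
		return "", errNoLinux
	}
	for _, ns := range s.Linux.Namespaces {
		if ns.Type == nsType {
			return ns.Path, nil
		}
	}
	return "", fmt.Errorf("no %q namespace in spec", nsType)
}

func parseSpec(raw string) (*Spec, error) {
	s := &Spec{}
	return s, json.Unmarshal([]byte(raw), s)
}

func main() {
	s, _ := parseSpec(`{"ociVersion":"1.0.2"}`) // constructed config without "linux"
	fmt.Println(namespacePath(s, "network"))
}
```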

cmainas left a comment

Hello @Yashika0724,

I think you forgot the checks from #396.

Signed-off-by: Yashika0724 <ssyashika1311@gmail.com>
@Yashika0724

Thanks for the catch!
I’ve added the missing Exec() nil checks from #396 (memory and seccomp paths) and pushed an update.
Please let me know if anything else should be adjusted.
