1 files changed, 7 insertions, 16 deletions

diff --git a/libpod/runtime.go b/libpod/runtime.go
index 18e9dfeb3..1f8dd98b4 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -877,10 +877,9 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 	// TODO: we can't close the FD in this lock, so we should keep it around
 	// and use it to lock important operations
 	aliveLock.Lock()
-	locked := true
 	doRefresh := false
 	defer func() {
-		if locked {
+		if aliveLock.Locked() {
 			aliveLock.Unlock()
 		}
 	}()
@@ -891,8 +890,12 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 		// no containers running.  Create immediately a namespace, as
 		// we will need to access the storage.
 		if os.Geteuid() != 0 {
-			aliveLock.Unlock()
-			became, ret, err := rootless.BecomeRootInUserNS()
+			aliveLock.Unlock() // Unlock to avoid deadlock as BecomeRootInUserNS will reexec.
+			pausePid, err := util.GetRootlessPauseProcessPidPath()
+			if err != nil {
+				return errors.Wrapf(err, "could not get pause process pid file path")
+			}
+			became, ret, err := rootless.BecomeRootInUserNS(pausePid)
 			if err != nil {
 				return err
 			}
@@ -966,18 +969,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 	runtime.valid = true
 
 	if runtime.doMigrate {
-		if os.Geteuid() != 0 {
-			aliveLock.Unlock()
-			locked = false
-
-			became, ret, err := rootless.BecomeRootInUserNS()
-			if err != nil {
-				return err
-			}
-			if became {
-				os.Exit(ret)
-			}
-		}
 		if err := runtime.migrate(ctx); err != nil {
 			return err
 		}