From f711f5a68de98b911ef31676843e6d463cc47f69 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 11 Dec 2020 15:35:41 +0100
Subject: podman: drop checking valid rootless UID

do not check whether the specified ID is valid in the user namespace.

crun handles this case[1], so the check in Podman prevents to get to
the OCI runtime at all.

$ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map'
uid=10(10) gid=0(root) groups=0(root),65534(nobody)
        10          0          1

[1] https://github.com/containers/crun/pull/556

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 cmd/podman/containers/run.go | 11 -----------
 1 file changed, 11 deletions(-)

(limited to 'cmd/podman')

diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 6ff1b929d..46bfb4143 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -3,7 +3,6 @@ package containers
 import (
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 
 	"github.com/containers/common/pkg/completion"
@@ -15,7 +14,6 @@ import (
 	"github.com/containers/podman/v2/pkg/errorhandling"
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/podman/v2/pkg/specgen"
-	"github.com/containers/podman/v2/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -108,15 +106,6 @@ func run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	if rootless.IsRootless() && !registry.IsRemote() {
-		userspec := strings.SplitN(cliVals.User, ":", 2)[0]
-		if uid, err := strconv.ParseInt(userspec, 10, 32); err == nil {
-			if err := util.CheckRootlessUIDRange(int(uid)); err != nil {
-				return err
-			}
-		}
-	}
-
 	if af := cliVals.Authfile; len(af) > 0 {
 		if _, err := os.Stat(af); err != nil {
 			return err
-- 
cgit v1.2.3-54-g00ecf