From 64571ea0a4e70006c727c652b20cdda847b9af29 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 22 Dec 2020 16:32:04 +0100
Subject: libpod: handle single user mapped as root

if a single user is mapped in the user namespace, handle it as root.

It is needed for running unprivileged containers with a single user
available without being forced to run with euid and egid set to 0.

Needs: https://github.com/containers/storage/pull/794

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/container.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'libpod/container.go')

diff --git a/libpod/container.go b/libpod/container.go
index 96a21736c..58bf95470 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -1012,6 +1012,9 @@ func (c *Container) IDMappings() (storage.IDMappingOptions, error) {
 
 // RootUID returns the root user mapping from container
 func (c *Container) RootUID() int {
+	if len(c.config.IDMappings.UIDMap) == 1 && c.config.IDMappings.UIDMap[0].Size == 1 {
+		return c.config.IDMappings.UIDMap[0].HostID
+	}
 	for _, uidmap := range c.config.IDMappings.UIDMap {
 		if uidmap.ContainerID == 0 {
 			return uidmap.HostID
@@ -1022,6 +1025,9 @@ func (c *Container) RootUID() int {
 
 // RootGID returns the root user mapping from container
 func (c *Container) RootGID() int {
+	if len(c.config.IDMappings.GIDMap) == 1 && c.config.IDMappings.GIDMap[0].Size == 1 {
+		return c.config.IDMappings.GIDMap[0].HostID
+	}
 	for _, gidmap := range c.config.IDMappings.GIDMap {
 		if gidmap.ContainerID == 0 {
 			return gidmap.HostID
-- 
cgit v1.2.3-54-g00ecf