From f711f5a68de98b911ef31676843e6d463cc47f69 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 11 Dec 2020 15:35:41 +0100
Subject: podman: drop checking valid rootless UID

do not check whether the specified ID is valid in the user namespace. crun handles this case[1], so the check in Podman prevents to get to the OCI runtime at all.
$ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map'
uid=10(10) gid=0(root) groups=0(root),65534(nobody)
10 0 1
[1] https://github.com/containers/crun/pull/556
Signed-off-by: Giuseppe Scrivano
---
 libpod/container_internal_linux.go | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1bf044f9d..dc1a64863 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -424,11 +424,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 }

 if c.config.User != "" {
- if rootless.IsRootless() {
- if err := util.CheckRootlessUIDRange(execUser.Uid); err != nil {
- return nil, err
- }
- }
 // User and Group must go together
 g.SetProcessUID(uint32(execUser.Uid))
 g.SetProcessGID(uint32(execUser.Gid))
-- cgit v1.2.3-54-g00ecf