From 77421139ab0a37cb2d804b8acb6f65e22d5f2017 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com>
Date: Tue, 16 May 2017 13:45:21 +0200
Subject: [PATCH] libcontainer/user: add supplementary groups only for
 non-numeric users

Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
---
 libcontainer/user/user.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcontainer/user/user.go b/libcontainer/user/user.go
index 8962cab3..2471535a 100644
--- a/libcontainer/user/user.go
+++ b/libcontainer/user/user.go
@@ -358,8 +358,8 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (
 
 				// Okay, so it's numeric. We can just roll with this.
 			}
-		} else if len(groups) > 0 {
-			// Supplementary group ids only make sense if in the implicit form.
+		} else if len(groups) > 0 && uidErr != nil {
+			// Supplementary group ids only make sense if in the implicit form for non-numeric users.
 			user.Sgids = make([]int, len(groups))
 			for i, group := range groups {
 				user.Sgids[i] = group.Gid