From cbcc85d311725031e5957385f3ad43acfc0b66f2 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 12 Jun 2018 12:09:16 +0200
Subject: [PATCH] runc: not require uid/gid mappings if euid()==0

When running in a new unserNS as root, don't require a mapping to be present in the configuration file. We are already skipping the test for a new userns to be present.

Signed-off-by: Giuseppe Scrivano
---
 libcontainer/configs/validate/rootless.go | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go
index e532ac8f..8c3954ce 100644
--- a/libcontainer/configs/validate/rootless.go
+++ b/libcontainer/configs/validate/rootless.go
@@ -43,13 +43,12 @@ func rootlessMappings(config *configs.Config) error {
 if !config.Namespaces.Contains(configs.NEWUSER) {
 return fmt.Errorf("rootless containers require user namespaces")
 }
- }
-
- if len(config.UidMappings) == 0 {
- return fmt.Errorf("rootless containers requires at least one UID mapping")
- }
- if len(config.GidMappings) == 0 {
- return fmt.Errorf("rootless containers requires at least one GID mapping")
+ if len(config.UidMappings) == 0 {
+ return fmt.Errorf("rootless containers requires at least one UID mapping")
+ }
+ if len(config.GidMappings) == 0 {
+ return fmt.Errorf("rootless containers requires at least one GID mapping")
+ }
 }

 return nil
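Review bot: With both mapping checks moved inside the enclosing conditional, a rootless config that has neither a NEWUSER namespace nor any UID/GID mapping now passes validation whenever that outer condition is false. The condition itself sits above the hunk (rootlessMappings starts outside it); going by the commit message it is an effective-UID test, which cannot distinguish root inside an already-created user namespace from real root on the host, so the latter silently loses the mapping requirement as well. Consider tying the skip to actually being in a non-initial user namespace (libcontainer has `system.RunningInUserNS()` for this, if it is usable from this package), and add a comment above the block such as `// euid 0 is assumed to mean root inside a caller-created userns; its mappings are inherited, not configured`. The existing mapping tests will presumably start depending on the euid of the test runner, so a case covering euid 0 with empty mappings would pin the intended behaviour.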