unshare: fix creating a userns when running as root

this check would prevent the function to ever be used when running as root, since we won't check what capabilities are currently available to the process. Signed-off-by: Giuseppe Scrivano <[email protected]> (cherry picked from commit 1af3928)
containers · Jan 16, 2023 · 1f6c35b · 1f6c35b
1 parent 472e26b
commit 1f6c35b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/unshare/unshare_linux.go b/pkg/unshare/unshare_linux.go
@@ -448,7 +448,7 @@ type Runnable interface {
 // MaybeReexecUsingUserNamespace re-exec the process in a new namespace
 func MaybeReexecUsingUserNamespace(evenForRoot bool) {
 	// If we've already been through this once, no need to try again.
-	if os.Geteuid() == 0 && IsRootless() {
+	if os.Geteuid() == 0 && GetRootlessUID() > 0 {
 		return
 	}