Fix --userns=ns:<path> conflicting with runc 1.1.11+

Remove dummy UID/GID mappings added when joining existing user namespaces, which runc 1.1.11+ rejects as conflicting. RUNC fix: https://github.com/opencontainers/runc/pull/4124 Fixes #27148 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-02-05 15:45:08 +01:00 · 2025-10-06 19:42:33 +02:00
parent 80b20c7614
commit 79ecc1d56b
2 changed files with 27 additions and 3 deletions
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -503,9 +503,6 @@ func SetupUserNS(idmappings *storageTypes.IDMappingOptions, userns Namespace, g
 		if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), userns.Value); err != nil {
 			return user, err
 		}
-		// runc complains if no mapping is specified, even if we join another ns.  So provide a dummy mapping
-		g.AddLinuxUIDMapping(uint32(0), uint32(0), uint32(1))
-		g.AddLinuxGIDMapping(uint32(0), uint32(0), uint32(1))
 	case Host:
 		if err := g.RemoveLinuxNamespace(string(spec.UserNamespace)); err != nil {
 			return user, err