libcontainer: setupUserNamespace is always called

[ynirk]

The setupUserNamespace is always called even if the usernamespace is not set. This results having wrong uid/gid set on devices.

This fix add a test to check if usernamespace is set befor calling
setupUserNamespace.

Fixes #1742

Signed-off-by: Julien Lavesque julien.lavesque@gmail.com

[cyphar]

The code in question is still broken with user namespaces, because the logic in setupUserNamespaces is wrong. It should only be setting the owner to root if and only if the uid or gid are unmapped in the user namespaces set (so if the uid is unmapped for a given device, set the uid to root).

However in general I also think that the the logic of "magically change the owners" doesn't make much sense either -- so maybe this section should just be dropped entirely. I'm not sure -- @crosbymichael do you know if anything actually depends on this?

[crosbymichael]

LGTM

Also I think @cyphar point makes sense about changing the logic in a follow up PR. I think it was originally like this because the userns was erroring when no uid/gid was set on a device or the device was owned by a weird user before. We would have to test and see if we can remove it fully.

[crosbymichael]

LGTM

[crosbymichael]

@cyphar this should probably go in RC5 and 1.0. It was a bug merged in that caused this because we had a check before that wouldn't run this code unless userns was specified .

[mrunalp]

LGTM

[cyphar]

@crosbymichael Alright, I'll send out a REJECT and then re-send the release mail. Merging.

LGTM (for the record).