check --user range for rootless containers

Check --user range if it's a uid for rootless containers. Returns error if it is out of the range. From https://github.com/containers/libpod/issues/6431#issuecomment-636124686

Signed-off-by: Qi Wang <qiwan@redhat.com>

pkg/util/utils_linux.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"syscall"
 
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/psgo"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -52,3 +53,18 @@ func FindDeviceNodes() (map[string]string, error) {
 
 	return nodes, nil
 }
+
+// CheckRootlessUIDRange checks the uid within the rootless container is in the range from /etc/subuid
+func CheckRootlessUIDRange(uid int) error {
+	uids, _, err := rootless.GetConfiguredMappings()
+	if err != nil {
+		return err
+	}
+	for _, u := range uids {
+		// add 1 since we also map in the user's own UID
+		if uid > u.Size+1 {
+			return errors.Errorf("requested user's UID %d is too large for the rootless user namespace", uid)
+		}
+	}
+	return nil
+}