From d06480d99eb0fb4abc0b6c2b62f90dff03c459f8 Mon Sep 17 00:00:00 2001
From: Ashley Cui <acui@redhat.com>
Date: Thu, 27 Apr 2023 15:13:26 -0400
Subject: [PATCH] Fix clashing subuid

When initializing a podman machine, we match core's UID to the UID of the user on the host. If that UID falls within the subUID range, the machine throws an error. Check whether the UID is within the default range for /etc/subuid (10000:1000000) and, if it is, adjust the range so that it no longer includes it.

Signed-off-by: Ashley Cui <acui@redhat.com>
---
 pkg/machine/ignition.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index f8ba4c0f89..6d39fa69b3 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -95,7 +95,7 @@ func (ign *DynamicIgnition) GenerateIgnitionConfig() error {
 
 	ignStorage := Storage{
 		Directories: getDirs(ign.Name),
-		Files:       getFiles(ign.Name),
+		Files:       getFiles(ign.Name, ign.UID),
 		Links:       getLinks(ign.Name),
 	}
 
@@ -285,7 +285,7 @@ func getDirs(usrName string) []Directory {
 	return dirs
 }
 
-func getFiles(usrName string) []File {
+func getFiles(usrName string, uid int) []File {
 	files := make([]File, 0)
 
 	lingerExample := `[Unit]
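Review bot: getFiles gains a `uid` parameter here but still has no doc comment, so the signature does not say what the value is for or whose UID is expected. A comment above the function such as `// getFiles returns the ignition files for usrName; uid is that user's UID and is kept out of the subordinate-ID range written to /etc/subuid.` would cover it. The function body continues outside this hunk.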
@@ -307,7 +307,13 @@ machine_enabled=true
 	delegateConf := `[Service]
 Delegate=memory pids cpu io
 `
-	subUID := `%s:100000:1000000`
+	// Prevent subUID from clashing with actual UID
+	subUID := 100000
+	subUIDs := 1000000
+	if uid >= subUID && uid < (subUID+subUIDs) {
+		subUID = uid + 1
+	}
+	etcSubUID := fmt.Sprintf(`%s:%d:%d`, usrName, subUID, subUIDs)
 
 	// Add a fake systemd service to get the user socket rolling
 	files = append(files, File{
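Review bot: The start and count are held in `subUID` and `subUIDs`, names that differ by one letter, and the range check is inlined in getFiles, so the boundary cases (uid equal to 100000, 1099999 and 1100000) cannot be tested on their own. The diffstat shows no test was added. Moving the computation into a small helper with named constants would make the half-open range explicit and let a table test pin those boundaries. The commit message gives the default start as 10000 while the removed line and the new code both use 100000, so the message appears to carry a typo. getFiles begins and ends outside this hunk.

```go
const (
	defaultSubIDStart = 100000
	subIDCount        = 1000000
)

// subIDStart returns the first subordinate ID to hand out. It is moved just
// past uid when uid falls inside the default half-open range
// [defaultSubIDStart, defaultSubIDStart+subIDCount).
func subIDStart(uid int) int {
	if uid >= defaultSubIDStart && uid < defaultSubIDStart+subIDCount {
		return uid + 1
	}
	return defaultSubIDStart
}

// … unchanged: lingerExample, delegateConf …
	etcSubUID := fmt.Sprintf(`%s:%d:%d`, usrName, subIDStart(uid), subIDCount)
```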
@@ -341,7 +347,6 @@ Delegate=memory pids cpu io
 			Mode: IntToPtr(0744),
 		},
 	})
-
 	// Set up /etc/subuid and /etc/subgid
 	for _, sub := range []string{"/etc/subuid", "/etc/subgid"} {
 		files = append(files, File{
@@ -354,7 +359,7 @@ Delegate=memory pids cpu io
 			FileEmbedded1: FileEmbedded1{
 				Append: nil,
 				Contents: Resource{
-					Source: EncodeDataURLPtr(fmt.Sprintf(subUID, usrName)),
+					Source: EncodeDataURLPtr(etcSubUID),
 				},
 				Mode: IntToPtr(0744),
 			},
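Review bot: `etcSubUID` is written unchanged to both /etc/subuid and /etc/subgid by the loop shown in the previous hunk, but the range was shifted only with respect to the UID, so a primary GID inside the range is never checked. Whether the user's GID can land in that range is not visible here; if it can, the same clash would presumably occur for /etc/subgid, and the subgid line should be computed against the GID. At minimum, a comment at the loop such as `// NOTE: range is adjusted for uid only; the same line is reused for /etc/subgid` would record the assumption. Separately, the unchanged `Mode: IntToPtr(0744)` marks these data files owner-executable, where 0644 is the usual mode; that predates this commit. The loop and getFiles start outside this hunk.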