Fix clashing subuid

When initing a podman machine, we match core's UID to the UID of the user on the host. If the UID is in the subUID range, the machine throws an error. Check if the UID is within the default range for /etc/subuid (10000:1000000), and if it is, we adjust the range to not include it. Signed-off-by: Ashley Cui <acui@redhat.com>
2025-07-24 07:58:04 +08:00 · 2023-04-27 15:13:26 -04:00
parent 0277adf693
commit d06480d99e
1 changed files with 10 additions and 5 deletions
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@ -95,7 +95,7 @@ func (ign *DynamicIgnition) GenerateIgnitionConfig() error {

 	ignStorage := Storage{
 		Directories: getDirs(ign.Name),
-		Files:       getFiles(ign.Name),
+		Files:       getFiles(ign.Name, ign.UID),
 		Links:       getLinks(ign.Name),
 	}

@ -285,7 +285,7 @@ func getDirs(usrName string) []Directory {
 	return dirs
 }

-func getFiles(usrName string) []File {
+func getFiles(usrName string, uid int) []File {
 	files := make([]File, 0)

 	lingerExample := `[Unit]
@ -307,7 +307,13 @@ machine_enabled=true
 	delegateConf := `[Service]
 Delegate=memory pids cpu io
 `
-	subUID := `%s:100000:1000000`
+	// Prevent subUID from clashing with actual UID
+	subUID := 100000
+	subUIDs := 1000000
+	if uid >= subUID && uid < (subUID+subUIDs) {
+		subUID = uid + 1
+	}
+	etcSubUID := fmt.Sprintf(`%s:%d:%d`, usrName, subUID, subUIDs)

 	// Add a fake systemd service to get the user socket rolling
 	files = append(files, File{
@ -341,7 +347,6 @@ Delegate=memory pids cpu io
 			Mode: IntToPtr(0744),
 		},
 	})
-
 	// Set up /etc/subuid and /etc/subgid
 	for _, sub := range []string{"/etc/subuid", "/etc/subgid"} {
 		files = append(files, File{
@ -354,7 +359,7 @@ Delegate=memory pids cpu io
 			FileEmbedded1: FileEmbedded1{
 				Append: nil,
 				Contents: Resource{
-					Source: EncodeDataURLPtr(fmt.Sprintf(subUID, usrName)),
+					Source: EncodeDataURLPtr(etcSubUID),
 				},
 				Mode: IntToPtr(0744),
 			},