From 51c80577e0def5cd1be761fa03fe21dce5859754 Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis@nvidia.com>
Date: Tue, 21 Nov 2017 13:49:25 -0800
Subject: [PATCH] lxc-oci: support unprivileged umoci unpacking

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---
 templates/lxc-oci.in | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 4c4d10393..dac3eebec 100755
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -190,7 +190,11 @@ skopeo copy "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
 # Unpack the rootfs
 echo "Unpacking the rootfs"
 
-umoci unpack --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
+umoci_args=("")
+if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
+    umoci_args+=(--rootless)
+fi
+umoci unpack ${umoci_args[@]} --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
 rmdir "${LXC_ROOTFS}"
 mv "${LXC_ROOTFS}.tmp/rootfs" "${LXC_ROOTFS}"
 entrypoint=$(getep ${DOWNLOAD_TEMP} latest)
-- 
2.47.3