runc: not require uid/gid mappings if euid()==0

When running in a new unserNS as root, don't require a mapping to be
present in the configuration file.  We are already skipping the test
for a new userns to be present.

Signed-off-by: Giuseppe Scrivano <[email protected]>

Author: giuseppe

libcontainer/configs/validate/rootless.go

@@ -43,13 +43,12 @@ func rootlessMappings(config *configs.Config) error {
 		if !config.Namespaces.Contains(configs.NEWUSER) {
 			return fmt.Errorf("rootless containers require user namespaces")
 		}
-	}
-
-	if len(config.UidMappings) == 0 {
-		return fmt.Errorf("rootless containers requires at least one UID mapping")
-	}
-	if len(config.GidMappings) == 0 {
-		return fmt.Errorf("rootless containers requires at least one GID mapping")
+		if len(config.UidMappings) == 0 {
+			return fmt.Errorf("rootless containers requires at least one UID mapping")
+		}
+		if len(config.GidMappings) == 0 {
+			return fmt.Errorf("rootless containers requires at least one GID mapping")
+		}
 	}
 
 	return nil