From 8ecb2785cd7686ae79384e75f7bd7c8c70cdd0f0 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin
Date: Fri, 10 Jan 2025 13:56:09 -0800
Subject: [PATCH] libcontainer/configs/validate: improve rootlessEUIDMount
1. Avoid splitting mount data into []string if it does not contain options we're interested in. This should result in slightly less garbage to collect.
2. Use if / else if instead of continue, to make it clearer that we're processing one option at a time.
3. Print the whole option as a sting in an error message; practically this should not have any effect, it's just simpler.
Signed-off-by: Kir Kolyshkin
---
 libcontainer/configs/validate/rootless.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go
index 7a30f5c58c0..1d1295b216e 100644
--- a/libcontainer/configs/validate/rootless.go
+++ b/libcontainer/configs/validate/rootless.go
@@ -55,6 +55,9 @@ func rootlessEUIDMount(config *configs.Config) error {
 for _, mount := range config.Mounts {
 // Check that the options list doesn't contain any uid= or gid= entries
 // that don't resolve to root.
+ if !strings.Contains(mount.Data, "id=") {
+ continue
+ }
 for _, opt := range strings.Split(mount.Data, ",") {
 if str, ok := strings.CutPrefix(opt, "uid="); ok {
 uid, err := strconv.Atoi(str)
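Review bot: The new `strings.Contains(mount.Data, "id=")` guard is only correct while every option the inner loop validates contains the substring `id=`, and nothing in the hunk records that dependency. It holds for `uid=` and `gid=` today, but a later check for an option without that substring would be skipped silently for most mounts, which would weaken the rootless validation without any test failing. The existing comment about uid=/gid= entries also now sits above the guard instead of the loop it describes. I would add above the guard `// Fast path: "uid=" and "gid=" both contain "id=", so data without it has neither; keep in sync with the options checked below.` The loop body continues past the end of this hunk.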
@@ -63,18 +66,16 @@ func rootlessEUIDMount(config *configs.Config) error {
 continue
 }
 if _, err := config.HostUID(uid); err != nil {
- return fmt.Errorf("cannot specify uid=%d mount option for rootless container: %w", uid, err)
+ return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err)
 }
- continue
- }
- if str, ok := strings.CutPrefix(opt, "gid="); ok {
+ } else if str, ok := strings.CutPrefix(opt, "gid="); ok {
 gid, err := strconv.Atoi(str)
 if err != nil {
 // Ignore unknown mount options.
 continue
 }
 if _, err := config.HostGID(gid); err != nil {
- return fmt.Errorf("cannot specify gid=%d mount option for rootless container: %w", gid, err)
+ return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err)
 }
 }
 }
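Review bot: Both `fmt.Errorf` calls now echo `opt`, text taken straight from the container config, with `%s` where the old code printed the parsed integer. On the gid path the value has visibly been accepted by `strconv.Atoi` before it reaches the message, and the uid path appears to do the same above this hunk, so it should be limited to an optional sign and digits. That safety depends on statement order, though, not on the format verb. Using `%q` would keep the message unambiguous if the parse step is ever relaxed: `return fmt.Errorf("cannot specify %q mount option for rootless container: %w", opt, err)`, at the cost of quotes appearing in the error text. rootlessEUIDMount starts outside this hunk, and the `if err != nil {` guarding the first `continue` is not visible here.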