- my ($orig_conf, $orig_mp_param) = PVE::LXC::Create::recover_config($archive);
- if ($authuser eq 'root@pam') {
- @{$conf->{lxc}} = [grep { $_->[0] eq 'lxc.idmap' } @{$orig_conf->{lxc}}]; # do not remove lxc.idmap entries
+ my $orig_mp_param; # only used if $restore
+ if ($restore) {
+ die "can't overwrite running container\n" if PVE::LXC::check_running($vmid);
+ if ($is_root && $archive ne '-') {
+ my $orig_conf;
+ ($orig_conf, $orig_mp_param) = PVE::LXC::Create::recover_config($archive);
+ # When we're root call 'restore_configuration' with ristricted=0,
+ # causing it to restore the raw lxc entries, among which there may be
+ # 'lxc.idmap' entries. We need to make sure that the extracted contents
+ # of the container match up with the restored configuration afterwards:
+ $conf->{lxc} = [grep { $_->[0] eq 'lxc.idmap' } @{$orig_conf->{lxc}}];
+ }