lxc-oci: support unprivileged umoci unpacking

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 4c4d1039332897b6d24098dd63441f91c553da6d..dac3eebec26b4c6c1f7ee257c1f1e4f3c49f0563 100755 (executable)
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -190,7 +190,11 @@ skopeo copy "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
 # Unpack the rootfs
 echo "Unpacking the rootfs"
 
-umoci unpack --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
+umoci_args=("")
+if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
+    umoci_args+=(--rootless)
+fi
+umoci unpack ${umoci_args[@]} --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
 rmdir "${LXC_ROOTFS}"
 mv "${LXC_ROOTFS}.tmp/rootfs" "${LXC_ROOTFS}"
 entrypoint=$(getep ${DOWNLOAD_TEMP} latest)