youki-dev · orimanabu · Jan 18, 2023 · utam0k · Sep 4, 2022 · orimanabu
diff --git a/crates/libcgroups/src/common.rs b/crates/libcgroups/src/common.rs
@@ -217,6 +217,22 @@ fn create_v2_cgroup_manager(_cgroup_path: PathBuf) -> Result<Box<dyn CgroupManag
     bail!("cgroup v2 feature is required, but was not enabled during compile time");
 }
 
+/// Checks if rootless mode should be used
+pub fn rootless_required() -> bool {
+    if !nix::unistd::geteuid().is_root() {
+        return true;
+    }
+
+    let uid_map_path = "/proc/self/uid_map";
+    let content = fs::read_to_string(uid_map_path)
+        .unwrap_or_else(|_| panic!("failed to read {}", uid_map_path));
+    if !content.contains("4294967295") {
+        return true;
+    }
+
+    matches!(std::env::var("YOUKI_USE_ROOTLESS").as_deref(), Ok("true"))
+}
+
 #[cfg(feature = "systemd")]
 fn create_systemd_cgroup_manager(
     cgroup_path: PathBuf,
@@ -228,7 +244,7 @@ fn create_systemd_cgroup_manager(
         );
     }
 
-    let use_system = nix::unistd::geteuid().is_root();
+    let use_system = !rootless_required();
 
     log::info!(
         "systemd cgroup manager with system bus {} will be used",

diff --git a/crates/libcontainer/src/rootless.rs b/crates/libcontainer/src/rootless.rs
@@ -1,5 +1,6 @@
 use crate::{namespaces::Namespaces, utils};
 use anyhow::{bail, Context, Result};
+use libcgroups::common::rootless_required;
 use nix::unistd::Pid;
 use oci_spec::runtime::{Linux, LinuxIdMapping, LinuxNamespace, LinuxNamespaceType, Mount, Spec};
 use std::fs;
@@ -117,15 +118,6 @@ pub fn get_gid_path(pid: &Pid) -> PathBuf {
     utils::get_temp_dir_path(format!("{pid}_mapping_path").as_str()).join("gid_map")
 }
 
-/// Checks if rootless mode should be used
-pub fn rootless_required() -> bool {
-    if !nix::unistd::geteuid().is_root() {
-        return true;
-    }
-
-    matches!(std::env::var("YOUKI_USE_ROOTLESS").as_deref(), Ok("true"))
-}
-
 pub fn unprivileged_user_ns_enabled() -> Result<bool> {
     let user_ns_sysctl = Path::new("/proc/sys/kernel/unprivileged_userns_clone");
     if !user_ns_sysctl.exists() {

diff --git a/crates/youki/src/main.rs b/crates/youki/src/main.rs
@@ -14,7 +14,7 @@ use std::fs;
 use std::path::{Path, PathBuf};
 
 use crate::commands::info;
-use libcontainer::rootless::rootless_required;
+use libcgroups::common::rootless_required;
 use libcontainer::utils::create_dir_all_with_mode;
 use nix::sys::stat::Mode;
 use nix::unistd::getuid;