From 8bbce8d37fe945820076ea1fc43c1180229794a9 Mon Sep 17 00:00:00 2001
From: Rodrigo Campos
Date: Mon, 4 Dec 2023 12:56:27 +0100
Subject: [PATCH] pkg/process: Check using idmap mount options too

The runtime-spec just merged this PR: https://github.com/opencontainers/runtime-spec/pull/1224
This means that it is now possible to request idmap mounts by specifying "idmap" or "ridmap" in the mount options, without any mappings. Let's add a check to see if they are requested in that way too.

Signed-off-by: Rodrigo Campos
---
 cmd/containerd-shim-runc-v2/process/init.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/cmd/containerd-shim-runc-v2/process/init.go b/cmd/containerd-shim-runc-v2/process/init.go
index 10da7d798cab..648ae608383c 100644
--- a/cmd/containerd-shim-runc-v2/process/init.go
+++ b/cmd/containerd-shim-runc-v2/process/init.go
@@ -206,6 +206,10 @@ func (p *Init) validateIDMapMounts(ctx context.Context, spec *specs.Spec) error
 used = true
 break
 }
+ if sliceContainsStr(m.Options, "idmap") || sliceContainsStr(m.Options, "ridmap") {
+ used = true
+ break
+ }
 }

 if !used {
@@ -552,3 +556,12 @@ func withConditionalIO(c stdio.Stdio) runc.IOOpt {
 o.OpenStderr = c.Stderr != ""
 }
 }
+
+func sliceContainsStr(s []string, str string) bool {
+ for _, s := range s {
+ if s == str {
+ return true
+ }
+ }
+ return false
+}
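Review bot: The option check added to the mount loop of validateIDMapMounts is a second `if` with the same body as the one just above it, and it has no comment saying why bare option strings count as an idmap request. This function appears to gate idmapped mounts on what the runtime supports, so a reader should be told that `idmap`/`ridmap` without mappings is a valid request under the runtime-spec change linked in the commit message. I would add `// "idmap"/"ridmap" in the options request an idmapped mount even when no mappings are given (runtime-spec#1224).` above the condition. The commit touches only init.go, so nothing exercises a mount that carries the option but no mappings; a test for that path would keep the check from silently regressing. The function starts and ends outside the hunk.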
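Review bot: In sliceContainsStr the loop variable `s` shadows the slice parameter `s`, so inside the loop `s` is a string although the signature declares it as `[]string`. Rename the loop variable, e.g. `for _, v := range s {` with `if v == str {`. The helper also lacks a doc comment; `// sliceContainsStr reports whether str is an element of s (exact, case-sensitive match).` would cover it. If the module's minimum Go version permits, the standard `slices.Contains` would make this helper unnecessary, though that cannot be confirmed from this patch.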