rootless: add function to retrieve the original UID

After we re-exec in the userNS os.Getuid() returns the new UID (= 0)
which is not what we want to use.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1048
Approved by: mheon

pkg/rootless/rootless_linux.c

@@ -88,6 +88,9 @@ reexec_in_user_namespace(int ready)
   char b;
   pid_t ppid = getpid ();
   char **argv;
+  char uid[16];
+
+  sprintf (uid, "%d", geteuid ());
 
   pid = syscall_clone (CLONE_NEWUSER|SIGCHLD, NULL);
   if (pid)
@@ -96,6 +99,7 @@ reexec_in_user_namespace(int ready)
   argv = get_cmd_line_args (ppid);
 
   setenv ("_LIBPOD_USERNS_CONFIGURED", "init", 1);
+  setenv ("_LIBPOD_ROOTLESS_UID", uid, 1);
 
   do
     ret = read (ready, &b, 1) < 0;
@@ -104,6 +108,10 @@ reexec_in_user_namespace(int ready)
     _exit (1);
   close (ready);
 
+  if (setresgid (0, 0, 0) < 0 ||
+      setresuid (0, 0, 0) < 0)
+    _exit (1);
+
   execv (argv[0], argv);
 
   _exit (1);

pkg/rootless/rootless_linux.go

@@ -8,6 +8,7 @@ import (
 	"os"
 	gosignal "os/signal"
 	"runtime"
+	"strconv"
 	"syscall"
 
 	"github.com/containers/storage/pkg/idtools"
@@ -26,6 +27,16 @@ func IsRootless() bool {
 	return os.Getuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != ""
 }
 
+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+	uidEnv := os.Getenv("_LIBPOD_ROOTLESS_UID")
+	if uidEnv != "" {
+		u, _ := strconv.Atoi(uidEnv)
+		return u
+	}
+	return os.Getuid()
+}
+
 // BecomeRootInUserNS re-exec podman in a new userNS
 func BecomeRootInUserNS() (bool, error) {