From 8935bb6c1f7d0915c8f5c3003a989486b8cf3adb Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 24 Jun 2021 15:25:21 -0400
Subject: [PATCH] Fix handling of user namespace

Need to check for userns before entering the chroot.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 pkg/chrootarchive/diff_unix.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/pkg/chrootarchive/diff_unix.go b/pkg/chrootarchive/diff_unix.go
index f22c539c0b..84253c6aa9 100644
--- a/pkg/chrootarchive/diff_unix.go
+++ b/pkg/chrootarchive/diff_unix.go
@@ -35,6 +35,7 @@ func applyLayer() {
 	runtime.LockOSThread()
 	flag.Parse()
 
+	inUserns := userns.RunningInUserNS()
 	if err := chroot(flag.Arg(0)); err != nil {
 		fatal(err)
 	}
@@ -50,7 +51,9 @@ func applyLayer() {
 		fatal(err)
 	}
 
-	options.InUserNS = userns.RunningInUserNS()
+	if inUserns {
+		options.InUserNS = true
+	}
 
 	if tmpDir, err = ioutil.TempDir("/", "temp-storage-extract"); err != nil {
 		fatal(err)
@@ -91,7 +94,9 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions
 	}
 	if options == nil {
 		options = &archive.TarOptions{}
-		options.InUserNS = userns.RunningInUserNS()
+		if userns.RunningInUserNS() {
+			options.InUserNS = true
+		}
 	}
 	if options.ExcludePatterns == nil {
 		options.ExcludePatterns = []string{}