From e486eeabda271b7b5f1cd73c9ecfe2848f26f428 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Mon, 25 Aug 2025 13:37:27 +0200
Subject: [PATCH] linux: fix regression mounting within userns
commit 4a27212af83e07505d945aec54a9cf3abdeabd7e introduced the regression. Detect when running inside a user namespace and treat the mounts in the same way as they would be treated if creating a new user namespace.
Closes: https://github.com/containers/crun/issues/1855
Signed-off-by: Giuseppe Scrivano
---
src/libcrun/linux.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c
index 480a5a40af..75120cea37 100644
--- a/src/libcrun/linux.c
+++ b/src/libcrun/linux.c
@@ -4462,6 +4462,17 @@ prepare_and_send_mount_mounts (libcrun_container_t *container, pid_t pid, int sy
 mount_fds = make_libcrun_fd_map (def->mounts_len);
+ /* If the container is already running in a user namespace, apply the same logic as if a new
+ user namespace was created as part of the container itself. */
+ if (! has_userns)
+ {
+ int is_in_userns = check_running_in_user_namespace (err);
+ if (UNLIKELY (is_in_userns < 0))
+ return is_in_userns;
+
+ has_userns = is_in_userns > 0;
+ }
+
 for (i = 0; i < def->mounts_len; i++)
 {
 bool recursive = false;
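Review bot: After the added block `has_userns` no longer means "the container creates its own user namespace" but "prepare the mounts as for a user namespace", and neither the name nor its declaration (outside the hunk) says so. Every later use of `has_userns` in prepare_and_send_mount_mounts, whose body continues past the hunk, now also takes the user-namespace path when the runtime itself is already inside one. That looks intended for the mount loop, but since this flag appears to select how mount sources are prepared before being sent to the container, it is worth confirming that no other use depends on the old meaning. A separate local would make the widened condition explicit, e.g. `bool mounts_as_userns = has_userns;` updated here and read by the loop, or at least a comment at the declaration. The patch touches only linux.c, so a regression test that starts a container from inside an existing user namespace would keep issue 1855 from returning.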