Set user id 0 for user root:root

joyrex2001 · joyrex2001 · commit 88fd5414d15f · 2025-01-28T18:06:02.000+01:00
diff --git a/internal/model/types/container.go b/internal/model/types/container.go
@@ -267,7 +267,7 @@ func (co *Container) GetPodSecurityContext(context *corev1.PodSecurityContext) (
 	}
 
 	// the user id for the root user is always 0
-	if user == "root" {
+	if strings.Split(user, ":")[0] == "root" {
 		klog.Infof("user is root so setting user to 0")
 		user = "0"
 	}
diff --git a/internal/model/types/container_test.go b/internal/model/types/container_test.go
@@ -483,6 +483,22 @@ func TestGetRunasUser(t *testing.T) {
 			outsc: corev1.PodSecurityContext{RunAsUser: makeIntPointer(1000)},
 			err:   false,
 		},
+		{ // 8
+			in: &Container{Labels: map[string]string{
+				"com.joyrex2001.kubedock.runas-user": "root",
+			}},
+			insc:  &corev1.PodSecurityContext{RunAsUser: makeIntPointer(500)},
+			outsc: corev1.PodSecurityContext{RunAsUser: makeIntPointer(0)},
+			err:   false,
+		},
+		{ // 9
+			in: &Container{Labels: map[string]string{
+				"com.joyrex2001.kubedock.runas-user": "root:root",
+			}},
+			insc:  &corev1.PodSecurityContext{RunAsUser: makeIntPointer(500)},
+			outsc: corev1.PodSecurityContext{RunAsUser: makeIntPointer(0)},
+			err:   false,
+		},
 	}
 	for i, tst := range tests {
 		res, err := tst.in.GetPodSecurityContext(tst.insc)

Original file line number	Diff line number	Diff line change
`@@ -267,7 +267,7 @@ func (co Container) GetPodSecurityContext(context corev1.PodSecurityContext) (`
`267`	`267`	`}`
`268`	`268`
`269`	`269`	`// the user id for the root user is always 0`
`270`		`- if user == "root" {`
	`270`	`+ if strings.Split(user, ":")[0] == "root" {`
`271`	`271`	`klog.Infof("user is root so setting user to 0")`
`272`	`272`	`user = "0"`
`273`	`273`	`}`