From 28c166fa18ee3ad9286cc5016d01a38c5baac10c Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 27 Apr 2022 15:38:31 +0200
Subject: [PATCH] chown: use ToHostOverflow when chowning

when chowning an image, fall back to the overflow ID when a UID or GID cannot be mapped to the target user namespace. This ensures the chown driver works similar to what we do with idmapped mounts when it is supported for overlay. It is needed for CRI-O to support user namespaces in Kubernetes since the Kubelet picks a static size for the user namespace and it might break some images using IDs outside the picked range.

Signed-off-by: Giuseppe Scrivano
---
 drivers/chown_unix.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/chown_unix.go b/drivers/chown_unix.go
index 3c508b66b1..c598b936d6 100644
--- drivers/chown_unix.go
+++ drivers/chown_unix.go
@@ -76,7 +76,7 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
 UID: uid,
 GID: gid,
 }
- mappedPair, err := toHost.ToHost(pair)
+ mappedPair, err := toHost.ToHostOverflow(pair)
 if err != nil {
 return fmt.Errorf("error mapping container ID pair %#v for %q to host: %v", pair, path, err)
 }
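Review bot: The switch to `ToHostOverflow` turns an unmappable owner into a silent success, and the call site carries no comment saying so. Every UID or GID outside the target mapping now lands on the same overflow ID on disk, so files that had distinct owners in the image share one owner afterwards, and nothing visible in this hunk records that a substitution took place. I would add a comment above the call, e.g. `// Unmapped IDs fall back to the overflow ID, as with idmapped mounts; distinct unmapped owners collapse into one.` If the rest of LChown (its body starts and ends outside this hunk) re-applies setuid/setgid mode bits after the chown, it is worth confirming that this is still intended for files whose owner was substituted.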