From 9b22eeab7c90867a2538536c89df0f1e1fffe193 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 24 Sep 2024 18:34:24 +0200 Subject: [PATCH] userns: skip "nogroup" the alpine image defines a "nogroup": $ podman run --rm alpine grep nogroup /etc/group nogroup:x:65533: ignore it as we are already doing for the "nobody" user. Signed-off-by: Giuseppe Scrivano
---
 userns.go | 4 ++-- userns_test.go | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/userns.go b/userns.go
index 7b6a5b9bbb..1b494ef12c 100644
--- a/userns.go
+++ b/userns.go
@@ -99,7 +99,7 @@ func parseMountedFiles(containerMount, passwdFile, groupFile string) uint32 {
 for _, u := range users {
 // Skip the "nobody" user otherwise we end up with 65536
 // ids with most images
- if u.Name == "nobody" {
+ if u.Name == "nobody" || u.Name == "nogroup" {
 continue
 }
 if u.Uid > size && u.Uid != nobodyUser {
@@ -114,7 +114,7 @@ func parseMountedFiles(containerMount, passwdFile, groupFile string) uint32 {
 groups, err := libcontainerUser.ParseGroupFile(groupFile)
 if err == nil {
 for _, g := range groups {
- if g.Name == "nobody" {
+ if g.Name == "nobody" || g.Name == "nogroup" {
 continue
 }
 if g.Gid > size && g.Gid != nobodyUser {
diff --git a/userns_test.go b/userns_test.go
index 800214870d..c560d552a4 100644
--- a/userns_test.go
+++ b/userns_test.go
@@ -228,6 +228,15 @@ nobody:x:65534:`,
 groupContent: "FOOBAR",
 expectedMax: 0,
 },
+ {
+ name: "nogroup ignored",
+ passwdContent: "",
+ groupContent: `
+root:x:0:
+admin:x:4000:
+nogroup:x:65533:`,
+ expectedMax: 4001,
+ },
 }
 for _, tt := range tests {
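Review bot: The comment above the changed condition in the users loop still says only `Skip the "nobody" user`, although the condition now also skips "nogroup". The commit message motivates "nogroup" only for the group file, so its use on passwd entries deserves a word too. I would reword the comment to something like `// Skip "nobody" and "nogroup": their high ids would otherwise size the range at ~65536 for most images`. The group loop in the second hunk has no comment at all and should get the same one. The same pair of literals now appears in both loops, so a small unexported helper would stop them drifting apart. parseMountedFiles starts and ends outside this hunk.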
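Review bot: The new skip in the group loop keys on the entry's name, which is read from the image's own group file, while the guard two lines below keys on the numeric `nobodyUser`. Any entry an image names "nogroup" is therefore left out of the size computation whatever its GID, and GID 65533 under a different name is still counted. From the visible lines the effect appears limited to the returned size, so a skipped ID would just fall outside the auto-sized range. That is worth stating next to the check, e.g. `// matched by name only; a skipped id stays outside the computed range`. The loop body continues past the end of the hunk.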
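Review bot: The added case leaves `passwdContent` empty, so only the group-file branch is exercised and the new `u.Name == "nogroup"` check in the users loop of userns.go has no coverage. A sibling case with a `nogroup` line at id 65533 in `passwdContent`, one ordinary user, and an empty `groupContent` would pin that branch. A second group case where an entry named "nogroup" carries an unusual GID would document that the match is by name rather than by 65533. The test table and the loop that follows continue outside this hunk.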