From 13d8bde96f0a21da92bcf353ad5db3f6f83172c2 Mon Sep 17 00:00:00 2001
From: Seth Robertson <srobertson@appcomsci.com>
Date: Wed, 4 Dec 2013 00:24:08 -0500
Subject: [PATCH] lxc_unshare -u argument useful even with USER namespace
 shared

Signed-off-by: Seth Robertson <srobertson@appcomsci.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
 doc/lxc-unshare.sgml.in | 5 ++---
 src/lxc/lxc_unshare.c   | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/doc/lxc-unshare.sgml.in b/doc/lxc-unshare.sgml.in
index a812eb965..9d3be22ed 100644
--- a/doc/lxc-unshare.sgml.in
+++ b/doc/lxc-unshare.sgml.in
@@ -51,7 +51,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
     <cmdsynopsis>
       <command>lxc-unshare</command>
       <arg choice="req">-s <replaceable>namespaces</replaceable></arg>
-      <arg choice="req">-u <replaceable>user</replaceable></arg>
+      <arg choice="opt">-u <replaceable>user</replaceable></arg>
       <arg choice="req">command</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -100,8 +100,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 	</term>
 	<listitem>
 	  <para>
-	    Specify a user which the new task should become.  This option is
-	    only valid if a user namespace is unshared.
+	    Specify a userid which the new task should become.
 	  </para>
 	</listitem>
       </varlistentry>
diff --git a/src/lxc/lxc_unshare.c b/src/lxc/lxc_unshare.c
index 827aa9131..4c82e9e8d 100644
--- a/src/lxc/lxc_unshare.c
+++ b/src/lxc/lxc_unshare.c
@@ -97,7 +97,8 @@ static int do_start(void *arg)
 	int flags = *start_arg->flags;
 	uid_t uid = *start_arg->uid;
 
-	if (flags & CLONE_NEWUSER && setuid(uid)) {
+	// Setuid is useful even without a new user id space
+	if ( uid >= 0 && setuid(uid)) {
 		ERROR("failed to set uid %d: %s", uid, strerror(errno));
 		exit(1);
 	}
@@ -153,8 +154,6 @@ int main(int argc, char *argv[])
 	if (ret)
 		usage(argv[0]);
 
-	if (!(flags & CLONE_NEWUSER) && uid != -1) {
-		ERROR("-u <uid> needs -s USER option");
 		return 1;
 	}