container: fix the issue of using the wrong user

Signed-off-by: fupan <[email protected]>

daemon/pod/container.go

@@ -628,12 +628,7 @@ func (c *Container) ociSpec(cjson *dockertypes.ContainerJSON, cmds []string) *sp
 
 	ocispec.Hostname = c.p.globalSpec.Hostname
 
-	/*
-	* ocispec used the user's UID and GID instead of user name and group name,
-	* thus it needed to convert the user name and group name to UID and GID in
-	* the future, here just set it to "0" as default.
-	 */
-	ocispec.Process.User = specs.User{UID: 0, GID: 0}
+	ocispec.Process.User = specs.User{Username: c.spec.User.Name}
 
 	for _, l := range c.spec.Ulimits {
 		ltype := strings.ToLower(l.Name)
@@ -648,7 +643,6 @@ func (c *Container) ociSpec(cjson *dockertypes.ContainerJSON, cmds []string) *sp
 }
 
 func (c *Container) containerConfig(cjson *dockertypes.ContainerJSON) (*vc.ContainerConfig, error) {
-	var user, group string
 	var ociSpec *specs.Spec
 	var cmds []string
 
@@ -665,6 +659,10 @@ func (c *Container) containerConfig(cjson *dockertypes.ContainerJSON) (*vc.Conta
 		c.spec.StopSignal = "TERM"
 	}
 
+	if c.spec.User == nil {
+		c.spec.User = &apitypes.UserUser{Name: cjson.Config.User}
+	}
+
 	cmds = append(cmds, cjson.Config.Entrypoint.Slice()...)
 	cmds = append(cmds, cjson.Config.Cmd.Slice()...)
 
@@ -706,17 +704,12 @@ func (c *Container) containerConfig(cjson *dockertypes.ContainerJSON) (*vc.Conta
 	}
 	c.Log(DEBUG, "mount id: %s", mountId)
 
-	if c.spec.User != nil {
-		user = c.spec.User.Name
-		group = c.spec.User.Group
-	}
-
 	cmd := vc.Cmd{
 		Args:         cmds,
 		Envs:         c.cmdEnvs([]vc.EnvVar{}),
 		WorkDir:      c.spec.Workdir,
-		User:         user,
-		PrimaryGroup: group,
+		User:         c.spec.User.Name,
+		PrimaryGroup: c.spec.User.Group,
 		Interactive:  c.spec.Tty,
 		Detach:       !c.HasTty(),
 	}