From e9b003a4f602a0fb4a2242ed9bbb2f7d436c4962 Mon Sep 17 00:00:00 2001
From: jason yang
Date: Fri, 24 May 2024 18:55:15 +0900
Subject: [PATCH] init
Signed-off-by: jason yang
---
 internal/pkg/runtime/launch/launcher_linux.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/pkg/runtime/launch/launcher_linux.go b/internal/pkg/runtime/launch/launcher_linux.go
index be9493dbb2..906ab98eef 100644
--- a/internal/pkg/runtime/launch/launcher_linux.go
+++ b/internal/pkg/runtime/launch/launcher_linux.go
@@ -99,7 +99,7 @@ func (l *Launcher) Exec(ctx context.Context, image string, args []string, instan
 var err error
 var fakerootPath string
- if l.cfg.Fakeroot {
+ if userNs, _ := namespaces.IsInsideUserNamespace(os.Getpid()); userNs && os.Getuid() == 0 {
 if (l.uid == 0) && namespaces.IsUnprivileged() {
 // Already running root-mapped unprivileged
 l.cfg.Fakeroot = false
@@ -1067,7 +1067,7 @@ func (l *Launcher) setCgroups(instanceName string) error {
 hidePid := hidepidProc()
 // If we are an instance, always use a cgroup if possible, to enable stats.
 // root can always create a cgroup.
- useCG := l.uid == 0
+ useCG := l.uid == 0 && !l.cfg.Namespaces.User
 // non-root needs cgroups v2 unified mode + systemd as cgroups manager.
 if !useCG && lccgroups.IsCgroup2UnifiedMode() && l.engineConfig.File.SystemdCgroups && !l.cfg.Fakeroot && !hidePid {
 if os.Getenv("XDG_RUNTIME_DIR") == "" || os.Getenv("DBUS_SESSION_BUS_ADDRESS") == "" {
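Review bot: The new condition guarding the fakeroot block in `Exec` no longer consults `l.cfg.Fakeroot`, so whether that path runs is decided by ambient process state (uid 0 inside a user namespace) rather than by the caller's request. As written, a caller that sets `Fakeroot` from outside a user namespace skips the block entirely, and a root-mapped process enters it without having asked for it; both change privilege handling silently. If the intent is to add the already-inside-a-user-namespace case, keep the flag in the test, e.g. `if l.cfg.Fakeroot || (userNs && os.Getuid() == 0) {` with `userNs, _ := namespaces.IsInsideUserNamespace(os.Getpid())` on the line before, and add a comment saying why the second return value is ignored. The block continues past the end of the hunk, so the effect on the rest of the fakeroot setup needs to be checked there.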
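Review bot: The comment `// root can always create a cgroup.` directly above the changed `useCG` line in `setCgroups` is no longer true. With `l.cfg.Namespaces.User` set, root now falls through to the non-root branch, which requires cgroups v2 unified mode, systemd cgroups and the `XDG_RUNTIME_DIR` / `DBUS_SESSION_BUS_ADDRESS` variables. A root caller may well lack those session variables, so cgroup placement (and anything that depends on it, such as stats or limits) may be dropped for such instances; what that path does next is outside the hunk and should be confirmed. The test also keys on the requested namespace flag, while the `Exec` hunk detects a user namespace at run time via `namespaces.IsInsideUserNamespace`, so root already inside a user namespace still gets `useCG == true`. Suggest updating the comment to `// root can create a cgroup unless a user namespace is requested.` and stating which of the two conditions is intended.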