From 9351e196587b73baecfe187b4bc4c3694da608fb Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Wed, 17 Feb 2021 14:58:04 +0900
Subject: [PATCH] dockerd-rootless.sh: prohibit running as root

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 contrib/dockerd-rootless.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/dockerd-rootless.sh b/contrib/dockerd-rootless.sh
index 62da5315e7..c155a6e58e 100755
--- a/contrib/dockerd-rootless.sh
+++ b/contrib/dockerd-rootless.sh
@@ -74,6 +74,10 @@ fi
 if [ -z $_DOCKERD_ROOTLESS_CHILD ]; then
 	_DOCKERD_ROOTLESS_CHILD=1
 	export _DOCKERD_ROOTLESS_CHILD
+	if [ "$(id -u)" = "0" ]; then
+		echo "This script must be executed as a non-privileged user"
+		exit 1
+	fi
 	# Re-exec the script via RootlessKit, so as to create unprivileged {user,mount,network} namespaces.
 	#
 	# --copy-up allows removing/creating files in the directories by creating tmpfs and symlinks