From 32ec53274ad4ae22666ff1ff7b9265872d83b6da Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Mon, 6 Dec 2021 15:32:10 -0500
Subject: [PATCH] crio: set minimum_mappable_uid/minimum_mappable_gid

Set minimum_mappable_uid/minimum_mappable_gid to 1000000000, the start
of the ranges we assign to namespaces in the default configuration, for
use with unprivileged builds.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
---
 .../master/01-master-container-runtime/_base/files/crio.yaml    | 2 ++
 .../worker/01-worker-container-runtime/_base/files/crio.yaml    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/templates/master/01-master-container-runtime/_base/files/crio.yaml b/templates/master/01-master-container-runtime/_base/files/crio.yaml
index d810f7d5a2..94ae7dfa6b 100644
--- a/templates/master/01-master-container-runtime/_base/files/crio.yaml
+++ b/templates/master/01-master-container-runtime/_base/files/crio.yaml
@@ -32,6 +32,8 @@ contents:
         "/etc/hostname",
     ]
     drop_infra_ctr = true
+    minimum_mappable_uid = 1000000000
+    minimum_mappable_gid = 1000000000
 
     [crio.runtime.workloads.openshift-builder]
     activation_annotation = "io.openshift.builder"
diff --git a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml
index d810f7d5a2..94ae7dfa6b 100644
--- a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml
+++ b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml
@@ -32,6 +32,8 @@ contents:
         "/etc/hostname",
     ]
     drop_infra_ctr = true
+    minimum_mappable_uid = 1000000000
+    minimum_mappable_gid = 1000000000
 
     [crio.runtime.workloads.openshift-builder]
     activation_annotation = "io.openshift.builder"