From 99df1a9e11f348b53d91a3356818bcf461971f37 Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Mon, 6 Aug 2018 15:08:59 -0400
Subject: [PATCH] Set gid 0 when no group is specified

This change is to match Docker's implementaion of setting gid and groups
to 0 when no gid is specified but an explicit uid is set.

Fixes #2527

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 container_linux_test.go | 35 +++++++++++++++++++++++++++++++++++
 oci/spec_opts_unix.go   |  4 ++--
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/container_linux_test.go b/container_linux_test.go
index 3140ff3be..8fa8133a2 100644
--- a/container_linux_test.go
+++ b/container_linux_test.go
@@ -1321,3 +1321,38 @@ func TestContainerNoImage(t *testing.T) {
 		t.Fatalf("expected error to be %s but received %s", errdefs.ErrNotFound, err)
 	}
 }
+
+func TestUIDNoGID(t *testing.T) {
+	t.Parallel()
+
+	ctx, cancel := testContext()
+	defer cancel()
+	id := t.Name()
+
+	client, err := newClient(t, address)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer client.Close()
+	image, err := client.GetImage(ctx, testImage)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithUserID(1000)))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer container.Delete(ctx)
+
+	spec, err := container.Spec(ctx)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if uid := spec.Process.User.UID; uid != 1000 {
+		t.Fatalf("expected uid 1000 but received %d", uid)
+	}
+	if gid := spec.Process.User.GID; gid != 0 {
+		t.Fatalf("expected gid 0 but received %d", gid)
+	}
+}
diff --git a/oci/spec_opts_unix.go b/oci/spec_opts_unix.go
index 9b01afa44..e42f61da1 100644
--- a/oci/spec_opts_unix.go
+++ b/oci/spec_opts_unix.go
@@ -371,7 +371,7 @@ func WithUserID(uid uint32) SpecOpts {
 			})
 			if err != nil {
 				if os.IsNotExist(err) || err == errNoUsersFound {
-					s.Process.User.UID, s.Process.User.GID = uid, uid
+					s.Process.User.UID, s.Process.User.GID = uid, 0
 					return nil
 				}
 				return err
@@ -397,7 +397,7 @@ func WithUserID(uid uint32) SpecOpts {
 			})
 			if err != nil {
 				if os.IsNotExist(err) || err == errNoUsersFound {
-					s.Process.User.UID, s.Process.User.GID = uid, uid
+					s.Process.User.UID, s.Process.User.GID = uid, 0
 					return nil
 				}
 				return err