libcontainer/configs/validate: improve rootlessEUIDMount

1. Avoid splitting mount data into []string if it does not contain
   options we're interested in. This should result in slightly less
   garbage to collect.

2. Use if / else if instead of continue, to make it clearer that
   we're processing one option at a time.

3. Print the whole option as a sting in an error message; practically
   this should not have any effect, it's just simpler.

Signed-off-by: Kir Kolyshkin <[email protected]>

Author: kolyshkin

libcontainer/configs/validate/rootless.go

@@ -55,6 +55,9 @@ func rootlessEUIDMount(config *configs.Config) error {
 	for _, mount := range config.Mounts {
 		// Check that the options list doesn't contain any uid= or gid= entries
 		// that don't resolve to root.
+		if !strings.Contains(mount.Data, "id=") {
+			continue
+		}
 		for _, opt := range strings.Split(mount.Data, ",") {
 			if str, ok := strings.CutPrefix(opt, "uid="); ok {
 				uid, err := strconv.Atoi(str)
@@ -63,18 +66,16 @@ func rootlessEUIDMount(config *configs.Config) error {
 					continue
 				}
 				if _, err := config.HostUID(uid); err != nil {
-					return fmt.Errorf("cannot specify uid=%d mount option for rootless container: %w", uid, err)
+					return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err)
 				}
-				continue
-			}
-			if str, ok := strings.CutPrefix(opt, "gid="); ok {
+			} else if str, ok := strings.CutPrefix(opt, "gid="); ok {
 				gid, err := strconv.Atoi(str)
 				if err != nil {
 					// Ignore unknown mount options.
 					continue
 				}
 				if _, err := config.HostGID(gid); err != nil {
-					return fmt.Errorf("cannot specify gid=%d mount option for rootless container: %w", gid, err)
+					return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err)
 				}
 			}
 		}