From 57d4b8e4d3586446d3e686a0ba01c2cbb4cdfbc6 Mon Sep 17 00:00:00 2001
From: phlax
Date: Mon, 22 Feb 2021 23:28:57 +0000
Subject: [PATCH] container: Only drop privs if user is root (#15115)
Signed-off-by: Ryan Northey
Signed-off-by: Shikugawa
---
 ci/docker-entrypoint.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ci/docker-entrypoint.sh b/ci/docker-entrypoint.sh
index 6e584d37e3d70..b778560db0f35 100755
--- a/ci/docker-entrypoint.sh
+++ b/ci/docker-entrypoint.sh
@@ -2,6 +2,8 @@
 set -e
 loglevel="${loglevel:-}"
+USERID=$(id -u)
+
 # if the first argument look like a parameter (i.e. start with '-'), run Envoy
 if [ "${1#-}" != "$1" ]; then
@@ -15,7 +17,7 @@ if [ "$1" = 'envoy' ]; then
 fi
 fi
-if [ "$ENVOY_UID" != "0" ]; then
+if [ "$ENVOY_UID" != "0" ] && [ "$USERID" = 0 ]; then
 if [ -n "$ENVOY_UID" ]; then
 usermod -u "$ENVOY_UID" envoy
 fi
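Review bot: In the second hunk the added `[ "$USERID" = 0 ]` guard skips the whole privilege-drop block silently when the container is started as a non-root user, so an operator who set `ENVOY_UID` ends up with Envoy running under the caller's uid rather than the one requested, with nothing in the logs to say so. A warning on stderr ahead of the block would make that visible, for example `if [ "$USERID" != 0 ] && [ -n "$ENVOY_UID" ]; then echo "not running as root: ENVOY_UID is ignored" >&2; fi`. Separately, uid 0 does not by itself guarantee the capabilities `usermod` needs (for instance when capabilities have been dropped from the container), and with `set -e` a failure there aborts the entrypoint; a comment such as `# requires root with CAP_SETUID/CAP_CHOWN; fails hard otherwise` would document that. The `if` block continues past the end of the hunk, so anything further down that depends on the uid change should be checked against the full file.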