From c3dcb98076aae7995771b8cd955a50cd2fef1a9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Mon, 21 Oct 2024 16:46:49 -0400
Subject: [PATCH] incusd/instance/lxc: Fix off by one idmap check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1294

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
 internal/server/instance/drivers/driver_lxc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/server/instance/drivers/driver_lxc.go b/internal/server/instance/drivers/driver_lxc.go
index a33aadbb954..0a1d7668d0a 100644
--- a/internal/server/instance/drivers/driver_lxc.go
+++ b/internal/server/instance/drivers/driver_lxc.go
@@ -617,7 +617,7 @@ func (d *lxc) findIdmap() (*idmap.Set, int64, error) {
 		offset = mapentries.Entries[i].HostID + mapentries.Entries[i].MapRange
 	}
 
-	if offset+size < d.state.OS.IdmapSet.Entries[0].HostID+d.state.OS.IdmapSet.Entries[0].MapRange {
+	if offset+size <= d.state.OS.IdmapSet.Entries[0].HostID+d.state.OS.IdmapSet.Entries[0].MapRange {
 		set, err := mkIdmap(offset, size)
 		if err != nil && err == idmap.ErrHostIDIsSubID {
 			return nil, 0, err