diff --git a/util/libcontainer_specconv/example.go b/util/libcontainer_specconv/example.go
index 6ca1e06d..352ef455 100644
--- a/util/libcontainer_specconv/example.go
+++ b/util/libcontainer_specconv/example.go
@@ -83,7 +83,7 @@ func ToRootlessWithContext(ctx RootlessContext, spec *specs.Spec, opts *Rootless
 
 	// Add mappings for the current user.
 	if ctx.InUserNS {
-		uNextContainerID := 0
+		uNextContainerID := int64(0)
 		sort.Sort(idmapSorter(ctx.UIDMap))
 		for _, uidmap := range ctx.UIDMap {
 			spec.Linux.UIDMappings = append(spec.Linux.UIDMappings,
@@ -94,7 +94,7 @@ func ToRootlessWithContext(ctx RootlessContext, spec *specs.Spec, opts *Rootless
 				})
 			uNextContainerID += uidmap.Count
 		}
-		gNextContainerID := 0
+		gNextContainerID := int64(0)
 		sort.Sort(idmapSorter(ctx.GIDMap))
 		for _, gidmap := range ctx.GIDMap {
 			spec.Linux.GIDMappings = append(spec.Linux.GIDMappings,
@@ -118,7 +118,7 @@ func ToRootlessWithContext(ctx RootlessContext, spec *specs.Spec, opts *Rootless
 			Size:        1,
 		}}
 		if opts.MapSubUIDGID {
-			uNextContainerID := 1
+			uNextContainerID := int64(1)
 			sort.Sort(subIDSorter(ctx.SubUIDs))
 			for _, subuid := range ctx.SubUIDs {
 				spec.Linux.UIDMappings = append(spec.Linux.UIDMappings,
@@ -129,7 +129,7 @@ func ToRootlessWithContext(ctx RootlessContext, spec *specs.Spec, opts *Rootless
 					})
 				uNextContainerID += subuid.Count
 			}
-			gNextContainerID := 1
+			gNextContainerID := int64(1)
 			sort.Sort(subIDSorter(ctx.SubGIDs))
 			for _, subgid := range ctx.SubGIDs {
 				spec.Linux.GIDMappings = append(spec.Linux.GIDMappings,
diff --git a/vendor.conf b/vendor.conf
index 0fcd61ad..1bfc41ba 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -18,7 +18,7 @@ github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
 github.com/golang/protobuf v1.1.0
 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
 github.com/opencontainers/image-spec v1.0.1
-github.com/opencontainers/runc 0e561642f81e84ebd0b3afd6ec510c75a2ccb71b
+github.com/opencontainers/runc ad0f5255060d36872be04de22f8731f38ef2d7b1
 github.com/Microsoft/go-winio v0.4.7
 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
 github.com/opencontainers/runtime-spec v1.0.1
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/rootless.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/rootless.go
index e532ac8f..8c3954ce 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/rootless.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/rootless.go
@@ -43,13 +43,12 @@ func rootlessMappings(config *configs.Config) error {
 		if !config.Namespaces.Contains(configs.NEWUSER) {
 			return fmt.Errorf("rootless containers require user namespaces")
 		}
-	}
-
-	if len(config.UidMappings) == 0 {
-		return fmt.Errorf("rootless containers requires at least one UID mapping")
-	}
-	if len(config.GidMappings) == 0 {
-		return fmt.Errorf("rootless containers requires at least one GID mapping")
+		if len(config.UidMappings) == 0 {
+			return fmt.Errorf("rootless containers requires at least one UID mapping")
+		}
+		if len(config.GidMappings) == 0 {
+			return fmt.Errorf("rootless containers requires at least one GID mapping")
+		}
 	}
 
 	return nil
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
index 8d353d98..a4ae8901 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go
@@ -123,8 +123,8 @@ func UIDMapInUserNS(uidmap []user.IDMap) bool {
 }
 
 // GetParentNSeuid returns the euid within the parent user namespace
-func GetParentNSeuid() int {
-	euid := os.Geteuid()
+func GetParentNSeuid() int64 {
+	euid := int64(os.Geteuid())
 	uidmap, err := user.CurrentProcessUIDMap()
 	if err != nil {
 		// This kernel-provided file only exists if user namespaces are supported
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
index 37993da8..7b912bbf 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go
@@ -78,15 +78,15 @@ func groupFromOS(g *user.Group) (Group, error) {
 // SubID represents an entry in /etc/sub{u,g}id
 type SubID struct {
 	Name  string
-	SubID int
-	Count int
+	SubID int64
+	Count int64
 }
 
 // IDMap represents an entry in /proc/PID/{u,g}id_map
 type IDMap struct {
-	ID       int
-	ParentID int
-	Count    int
+	ID       int64
+	ParentID int64
+	Count    int64
 }
 
 func parseLine(line string, v ...interface{}) {
@@ -113,6 +113,8 @@ func parseParts(parts []string, v ...interface{}) {
 		case *int:
 			// "numbers", with conversion errors ignored because of some misbehaving configuration files.
 			*e, _ = strconv.Atoi(p)
+		case *int64:
+			*e, _ = strconv.ParseInt(p, 10, 64)
 		case *[]string:
 			// Comma-separated lists.
 			if p != "" {
@@ -122,7 +124,7 @@ func parseParts(parts []string, v ...interface{}) {
 			}
 		default:
 			// Someone goof'd when writing code using this function. Scream so they can hear us.
-			panic(fmt.Sprintf("parseLine only accepts {*string, *int, *[]string} as arguments! %#v is not a pointer!", e))
+			panic(fmt.Sprintf("parseLine only accepts {*string, *int, *int64, *[]string} as arguments! %#v is not a pointer!", e))
 		}
 	}
 }