Re: [RFC][CFT] selftest for permission checks in mount propagation changes


 



> void do_unshare(void)
> {
> 	FILE *f;
> 	uid_t uid = geteuid();
> 	gid_t gid = getegid();
> 	unshare(CLONE_NEWNS|CLONE_NEWUSER);
> 	f = fopen("/proc/self/uid_map", "w");
> 	fprintf(f, "0 %d 1", uid);
> 	fclose(f);
> 	f = fopen("/proc/self/setgroups", "w");
> 	fprintf(f, "deny");
> 	fclose(f);
> 	f = fopen("/proc/self/gid_map", "w");
> 	fprintf(f, "0 %d 1", gid);
> 	fclose(f);
> 	mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL);
> }

This obviously needs error checking - in this form it won't do
anything good without userns enabled (coredump on the first
fprintf() in there, since there won't be /proc/self/uid_map);
should probably just report CLONE_NEWUSER failure, warn about
skipped tests, fall back to unshare(CLONE_NEWNS) and skip
everything in in_child()...
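
One way do_unshare() could carry the error handling asked for above, as an added example that is not part of the original message or of the selftest itself. The write_file() helper and the skip_userns_tests flag are hypothetical names; in_child() is assumed to check the flag and skip its tests when it is set.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/mount.h>
#include <unistd.h>

int skip_userns_tests;	/* hypothetical flag: in_child() should skip when set */

/* Write one formatted string to path; 0 on success, -1 on any failure. */
static int write_file(const char *path, const char *fmt, ...)
{
	va_list ap;
	int ok;
	FILE *f = fopen(path, "w");

	if (!f)		/* e.g. no /proc/self/uid_map without userns support */
		return -1;
	va_start(ap, fmt);
	ok = vfprintf(f, fmt, ap) >= 0;
	va_end(ap);
	/* a rejected procfs write may only surface when fclose() flushes */
	return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Returns 0 once a private mount namespace is set up, -1 if nothing usable. */
int do_unshare(void)
{
	unsigned uid = geteuid(), gid = getegid();

	if (unshare(CLONE_NEWNS | CLONE_NEWUSER) == 0) {
		if (write_file("/proc/self/uid_map", "0 %u 1", uid) ||
		    write_file("/proc/self/setgroups", "deny") ||
		    write_file("/proc/self/gid_map", "0 %u 1", gid)) {
			perror("id map setup");
			return -1;
		}
	} else {
		perror("unshare(CLONE_NEWUSER) failed, skipping userns tests");
		skip_userns_tests = 1;
		if (unshare(CLONE_NEWNS)) {	/* fallback needs CAP_SYS_ADMIN */
			perror("unshare(CLONE_NEWNS)");
			return -1;
		}
	}
	if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) {
		perror("mount");
		return -1;
	}
	return 0;
}
```

The mount() call is only reached after one of the unshare() calls has succeeded, so a failure never changes propagation in the caller's original mount namespace.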



