
Possibly unnecessary SYS_ADMIN capability needed by JailUtil.cpp #13952

@Juma7C9

Description


As currently implemented (commits 85eaec2, 9e2504b), the unshare(2) call inside enterMountingNS() uses the CLONE_NEWNS flag, which requires the SYS_ADMIN capability.

if (unshare(CLONE_NEWNS | CLONE_NEWUSER) != 0)

This may be avoided by breaking the call into two distinct ones, i.e. unshare(CLONE_NEWUSER) followed by unshare(CLONE_NEWNS), as the first one creates a new namespace in which the user is automatically granted all capabilities, which allows creating a new namespace without requiring additional capabilities in the original one (see this old-ish blog post for a similar solution).

I don't know if such a change could be acceptable within the current architecture, but hopefully it could help get rid of the SYS_ADMIN capability requirement, if it is not needed elsewhere.
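The two-step sequence described above, as an added example that is not part of this issue or of the project's JailUtil.cpp. Besides the two unshare calls it writes the uid/gid mapping a process needs after unshare(CLONE_NEWUSER) to keep a usable identity inside the new namespace, and it returns the errno a caller would see where unprivileged user namespaces are disabled by the kernel or a seccomp policy. The function name enter_mounting_ns is a stand-in for the project's enterMountingNS().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef CLONE_NEWNS /* kernel ABI values, in case _GNU_SOURCE was not in effect */
#define CLONE_NEWNS   0x00020000
#define CLONE_NEWUSER 0x10000000
#endif
int unshare(int flags);

/* One uid_map/gid_map line: id `inner` inside maps to `outer` in the parent. Returns length or -1. */
static int map_line(char *buf, size_t len, unsigned inner, unsigned outer)
{
    int n = snprintf(buf, len, "%u %u 1\n", inner, outer);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -errno;
    int rc = write(fd, data, strlen(data)) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

/* Enter a fresh mount namespace without holding CAP_SYS_ADMIN in the original
 * user namespace. Returns 0 on success or -errno (typically -EPERM where the
 * kernel or a seccomp policy forbids unprivileged user namespaces). */
static int enter_mounting_ns(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    char line[64];
    int rc;
    /* Step 1: a new user namespace, in which the caller holds all capabilities. */
    if (unshare(CLONE_NEWUSER) != 0) return -errno;
    /* Map the outer uid/gid to root inside; setgroups must be denied before gid_map is writable. */
    if (map_line(line, sizeof line, 0, uid) < 0) return -EINVAL;
    if ((rc = write_file("/proc/self/uid_map", line)) != 0) return rc;
    if ((rc = write_file("/proc/self/setgroups", "deny")) != 0) return rc;
    if (map_line(line, sizeof line, 0, gid) < 0) return -EINVAL;
    if ((rc = write_file("/proc/self/gid_map", line)) != 0) return rc;
    /* Step 2: CLONE_NEWNS now only needs CAP_SYS_ADMIN in the namespace created above. */
    if (unshare(CLONE_NEWNS) != 0) return -errno;
    return 0;
}
```

On success the process's mounts no longer affect the parent namespace, and getuid() reports 0 inside it while the outer uid is unchanged.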

Status: Done