Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.
The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.
Signed-off-by: Liron Levin <liron@twistlock.com>
On redhat based distribution, checking that USER_NS is compiled in the
kernel is not sufficient, we also have to check that the feature as
been enabled.
With this commit, it is now done by checking the content of
`/sys/module/user_namespace/parameters/enable`.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Liron Levin