Fixes bug #21226.
Linux 3.19 introduced a fix for a security vulnerability in user namespaces.
This fix introduced a new proc file called 'setgroups' and was backported to
many older kernels. However, some users run a kernel that is new enough to
support user namespaces yet old enough to not include the patch, so we must
skip the tests.
* tests/containers.scm: Skip all tests if /proc/self/setgroups does not exist.
It's not always possible to map 65536 uids when creating a container as the
root user within another user namespace. This is true when building Guix
within the build daemon's container. By using a uid range of 1 by default,
even as the root user, the tests now pass.
* gnu/build/linux-container.scm (initialize-user-namespace, run-container):
Add 'host-uids' argument.
(call-with-container): Add #:host-uids keyword argument.
* tests/containers.scm ("container-excursion"): Update 'run-container' call.
* gnu/build/linux-container.scm: New file.
* gnu-system.am (GNU_SYSTEM_MODULES): Add it.
* .dir-locals.el: Add Scheme indent rules for 'call-with-container', and
'container-excursion'.
* tests/containers.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
