Our handling of user namespaces is more complex than it needs to be.
This simplifies the handling by identifying and entering (or creating)
the correct userns earlier, so that later code doesn't need to deal
with it any more.

Along the way we make a number of other cleanups to handling of userns
and setting our user and group.

This is based on my earlier test command dispatch and performance test
cleanup series.

Changes since v2:
 * Correction to man page to match behaviour change in 10/10
 * Minor changes to spacing and wording of comments
Changes since v1:
 * Fixed overenthusiastic pruning of #includes when moving the
   self-isolation code which broke compile on some distro versions

David Gibson (10):
  Don't store UID & GID persistently in the context structure
  Split checking for root from dropping root privilege
  Consolidate determination of UID/GID to run as
  Safer handling if we can't open /proc/self/uid_map
  Move self-isolation code into a separate file
  Consolidate validation of pasta namespace options
  Clean up and rename conf_ns_open()
  Correctly handle --netns-only in pasta_start_ns()
  Handle userns isolation and dropping root at the same time
  Allow --userns when pasta spawns a command

 Makefile    |   8 +-
 conf.c      | 236 ++++++++++++++++++++++++++--------------------------
 isolation.c | 210 ++++++++++++++++++++++++++++++++++++++++++++++
 isolation.h |  15 ++++
 passt.1     |   7 +-
 passt.c     | 116 +-------------------------
 passt.h     |   9 --
 pasta.c     |  91 ++++++++++++--------
 pasta.h     |   1 +
 util.c      |  83 ------------------
 util.h      |   2 -
 11 files changed, 412 insertions(+), 366 deletions(-)
 create mode 100644 isolation.c
 create mode 100644 isolation.h

-- 
2.37.3