mmm, crap.  i think we've been telling people to use this more.  having every init script test for it doesn't scale.

Jorge: how do you feel about making namespace options not fail in minijail when they see EINVAL ?

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/47ec72b4cf358ebe5bc2abf0eaca4100d1a2d8fc

commit 47ec72b4cf358ebe5bc2abf0eaca4100d1a2d8fc
Author: Ben Chan <benchan@chromium.org>
Date: Tue Jun 06 01:33:58 2017

cros-disks: disable cgroup namespace for FUSE mounters

Chrome OS kernel 3.8 doesn't cgroup namespace, so this CL temporarily
disables cgroup namespace for FUSE mounters.

BUG= chromium:729372 
TEST=Run platform_CrosDisksFilesystem tests on devices with kernel 3.8.

Change-Id: I7c7ed7ac4e1b4fa1bfd32d29c11c496162ccbfe3
Reviewed-on: https://chromium-review.googlesource.com/523017
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/47ec72b4cf358ebe5bc2abf0eaca4100d1a2d8fc/cros-disks/fuse_mounter.cc

Not sure we want to fail open on old kernels. cgroup namespaces are not currently the cornerstone of our isolation story but for the container case where we run a system (like Android or Linux with systemd) that uses cgroups extensively, I do think we want to partition that and know if we're somehow regressing.

Maybe we add a compile-time flag for namespace soft-fail (or maybe a subset of the new namespaces, like user and cgroup). Might be better than a run-time setting.

if it were a compile time flag, i think effectively we'd turn it on everywhere in CrOS

looking a bit more, CLONE_NEWCGROUP was added upstream in v4.6.  but we backported it to v4.4, v3.18, and v3.14.  that means both v3.8 and v3.10 lack support, but that's in line with our current Android/container plans -- we require v3.14+.

that leaves us with what to do about daemons in general.  currently it means we can't use cgroups namespaces.  i don't think hacking the kernel to stub/ignore this flag is a good idea as then userspace will stomp in the cgroup namespace thinking it has a unique view.  we could add a flag to minijail like --ignore-missing-cgroup and then just remember that every time we use -N, we also have to pass in that flag.

I don't mind adding a cmdline option to soft-fail cgroup namespaces.

+josafat for merge to M60

Your change meets the bar and is auto-approved for M60. Please go ahead and merge the CL to branch 3112 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/5e7e672fa066f8d2650281d9a7d7891f0f680d0e

commit 5e7e672fa066f8d2650281d9a7d7891f0f680d0e
Author: Ben Chan <benchan@chromium.org>
Date: Wed Jun 07 03:52:45 2017

cros-disks: disable cgroup namespace for FUSE mounters

Chrome OS kernel 3.8 doesn't cgroup namespace, so this CL temporarily
disables cgroup namespace for FUSE mounters.

BUG= chromium:729372 
TEST=Run platform_CrosDisksFilesystem tests on devices with kernel 3.8.

Change-Id: I7c7ed7ac4e1b4fa1bfd32d29c11c496162ccbfe3
Reviewed-on: https://chromium-review.googlesource.com/523017
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
(cherry picked from commit 47ec72b4cf358ebe5bc2abf0eaca4100d1a2d8fc)
Reviewed-on: https://chromium-review.googlesource.com/525055
Reviewed-by: Ben Chan <benchan@chromium.org>
Commit-Queue: Ben Chan <benchan@chromium.org>

[modify] https://crrev.com/5e7e672fa066f8d2650281d9a7d7891f0f680d0e/cros-disks/fuse_mounter.cc