chromeos-kernel-3.8 lacks support for cgroup namespace, which means `miniajail0 -N` will abort at runtime. We should consider a few potential actions:
1. Audit existing usages of cgroup namespace in Chrome OS to see if they run on kernel 3.8 and are affected by this issue
2. Backport cgroup namespace support to 3.8, where the benefit may or may not justify the effort
3. Modify minijail to handle lack of cgroup namespace more gracefully
4. Document the disparities in namespace support (and other security features) among different kernel versions
5. Explicitly specify security features in the build process (e.g. using USE flags and conditional RDEPENDs cgroup_namespace? (>=chromeos-kernel-3.14))
It also raises an interesting question on how we should tackle disparities of security features among different versions of kernel in a long run. The disparities may exist for practical reasons, so we may need to live with that. However, it'd be crucial to have some mechanisms to identify and catch inappropriate assumptions on security features available on a system.