User namespaces again: Nix tests fail on Oracle Linux 7

[unsatcore]

Hi,

this one is similar to #1625 and is related to #1797.

When upgrading Nix on OL7 several tests fail because of unavailable user namespaces.
The kernel is compiled with CONFIG_USER_NS=y but the feature is disabled at grub level.
canUseSandbox fails to detect that because of

nix/tests/common.sh.in

Line 97 in 966407b

if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then

My understanding this is a Debian-specific way(?).
The file simply doesn't exist on RHEL-derivatives leading to incorrect result of the check.

The simplest workaround would be to simply invert the condition, perhaps?

I'm not aware if there is a more portable way to check for user namespaces availability.
Well, except of brute-force - compile and run a simple C program using unshare/clone - which is not very elegant.

[coretemp]

@algebriac 👍 on the brute-force method.

[veprbl]

There is an userspace utility unshare(1): https://linux.die.net/man/1/unshare