Revert "shim: Fix running rootless on Linux"

This reverts commit c94e788.

Author: vvoland

internal/shim/manager/manager_unix.go

@@ -25,6 +25,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	goruntime "runtime"
 	"strconv"
 	"strings"
 	"syscall"
@@ -183,12 +184,17 @@ func (manager) Start(ctx context.Context, id string, opts shim.StartOpts) (_ shi
 		cmd.ExtraFiles = append(cmd.ExtraFiles, s.f)
 	}
 
-	cloneMntNs(cmd)
+	goruntime.LockOSThread()
+	if err := setupMntNs(); err != nil {
+		return params, err
+	}
 
 	if err := cmd.Start(); err != nil {
 		return params, err
 	}
 
+	goruntime.UnlockOSThread()
+
 	defer func() {
 		if retErr != nil {
 			cmd.Process.Kill()

internal/shim/manager/mount_linux.go

@@ -17,44 +17,28 @@
 package manager
 
 import (
-	"os"
-	"os/exec"
-	"syscall"
+	"fmt"
+
+	"golang.org/x/sys/unix"
 )
 
-// cloneMntNs configures the child command to start in a new user + mount
-// namespace. The user namespace provides mount isolation and grants the
-// child capabilities within it, without requiring or granting real host
-// capabilities. User namespaces are available unprivileged on many
-// distros (since Linux 3.8), but some may gate them via sysctl (e.g.
-// kernel.unprivileged_userns_clone).
-//
-// For a VM-based runtime like nerdbox, the shim does not need real host
-// root — it needs /dev/kvm access (checked against mapped host UID) and
-// file access (same user). The user namespace is defense-in-depth: it
-// limits the shim's host-level capabilities even when the daemon runs as
-// root.
-//
-// We use clone flags instead of unshare(2) because unshare(CLONE_NEWUSER)
-// requires the calling process to be single-threaded, which is not
-// possible in a Go program (the runtime uses multiple OS threads).
-//
-// The new mount namespace inherits copies of the parent's mounts with
-// the same propagation flags. The shim performs rootfs mounts (overlay /
-// bind) inside this namespace. On hosts where / is shared, those mounts
-// could in theory propagate back. Because the child also runs in a user
-// namespace, it cannot remount / as MS_SLAVE. In practice this is safe:
-// the mounts are into bundle-specific paths that are cleaned up on
-// container delete, and the VM itself performs all container-visible
-// filesystem setup.
-func cloneMntNs(cmd *exec.Cmd) {
-	uid := os.Getuid()
-	gid := os.Getgid()
-	cmd.SysProcAttr.Cloneflags |= syscall.CLONE_NEWUSER | syscall.CLONE_NEWNS
-	cmd.SysProcAttr.UidMappings = []syscall.SysProcIDMap{
-		{ContainerID: uid, HostID: uid, Size: 1},
+func setupMntNs() error {
+	err := unix.Unshare(unix.CLONE_NEWNS)
+	if err != nil {
+		return err
 	}
-	cmd.SysProcAttr.GidMappings = []syscall.SysProcIDMap{
-		{ContainerID: gid, HostID: gid, Size: 1},
+
+	err = unix.Mount("", "/", "", unix.MS_REC|unix.MS_SLAVE, "")
+	if err != nil {
+		err = fmt.Errorf("failed to mount with slave: %v", err)
+		return err
 	}
+
+	err = unix.Mount("", "/", "", unix.MS_REC|unix.MS_SHARED, "")
+	if err != nil {
+		err = fmt.Errorf("failed to mount with shared: %v", err)
+		return err
+	}
+
+	return nil
 }

internal/shim/manager/mount_other.go

@@ -18,6 +18,6 @@
 
 package manager
 
-import "os/exec"
-
-func cloneMntNs(_ *exec.Cmd) {}
+func setupMntNs() error {
+	return nil
+}