replace some nsexec stage-2 c code with go implemention

Signed-off-by: lifubang <[email protected]>

Author: lifubang

libcontainer/init_linux.go

@@ -222,6 +222,24 @@ func startInitialization() (retErr error) {
 		return err
 	}
 
+	if _, err := unix.Setsid(); err != nil {
+		return os.NewSyscallError("setsid", err)
+	}
+
+	if err := unix.Setuid(0); err != nil {
+		return os.NewSyscallError("setuid", err)
+	}
+
+	if err := unix.Setgid(0); err != nil {
+		return os.NewSyscallError("setgid", err)
+	}
+
+	if !config.Config.RootlessEUID && requiresRootOrMappingTool(config.Config.GIDMappings) {
+		if err := unix.Setgroups([]int{0}); err != nil {
+			return os.NewSyscallError("setgroups", err)
+		}
+	}
+
 	// If init succeeds, it will not return, hence none of the defers will be called.
 	return containerInit(it, &config, syncPipe, consoleSocket, pidfdSocket, fifoFile, logPipe)
 }

libcontainer/nsenter/nsexec.c

@@ -782,20 +782,6 @@ void nsexec(void)
 			prctl(PR_SET_NAME, (unsigned long)"runc:[2:INIT]", 0, 0, 0);
 			write_log(DEBUG, "~> nsexec stage-2");
 
-			if (setsid() < 0)
-				bail("setsid failed");
-
-			if (setuid(0) < 0)
-				bail("setuid failed");
-
-			if (setgid(0) < 0)
-				bail("setgid failed");
-
-			if (!config.is_rootless_euid && config.is_setgroup) {
-				if (setgroups(0, NULL) < 0)
-					bail("setgroups failed");
-			}
-
 			close(syncfd);
 
 			/* Free netlink data. */