internal: proc: do not join the process user namespace
The below vulnerabilities are fixed by backporting upstream patches.
CVE-2022-1227: A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
The only reason we joined the process user namespace was to map a handful of fields into the same user namespace as that process. This procedure can be implemented entirely in Go without having to run code inside the container.
In addition, since psgo is used inside "podman top", we were actually executing the nsenter binary from the container without all of the container's security profiles applied. At the very least this would allow a container process to return bad data to psgo (possibly confusing management scripts using psgo) and at the very worst it would allow the container process to escalate privileges by getting podman to execute code without all of the container security profiles applied.
Fixes: CVE-2022-1227
(backported from upstream commit d9466da9f563a9de1ece79dcae86b37b1db75443)
Signed-off-by: Vignesh Raman vignesh.raman@collabora.com
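The host-side translation the message describes, reading the process's `/proc/<pid>/uid_map` and mapping host ids into the container's user namespace without entering it, as an added Go example; this is not psgo's or Podman's code, and the uid_map contents are constructed for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// idMapEntry is one line of /proc/<pid>/uid_map (or gid_map):
// "<first id inside the namespace> <first id on the host> <count>".
type idMapEntry struct{ inside, outside, count uint64 }

// constructedUIDMap is sample uid_map content (constructed for this example):
// a rootless-style mapping where container uid 0 is host uid 100000.
const constructedUIDMap = "         0     100000      65536\n"

// parseIDMap parses uid_map/gid_map text read from /proc on the host.
func parseIDMap(content string) ([]idMapEntry, error) {
	var entries []idMapEntry
	for _, line := range strings.Split(strings.TrimSpace(content), "\n") {
		fields := strings.Fields(line)
		if len(fields) != 3 {
			return nil, fmt.Errorf("malformed id_map line %q", line)
		}
		var v [3]uint64
		for i, f := range fields {
			n, err := strconv.ParseUint(f, 10, 32)
			if err != nil {
				return nil, fmt.Errorf("bad id_map field %q: %w", f, err)
			}
			v[i] = n
		}
		entries = append(entries, idMapEntry{v[0], v[1], v[2]})
	}
	return entries, nil
}

// hostToNamespaceID translates a host uid/gid (as reported in /proc/<pid>/status)
// into the id the process sees inside its user namespace. Unmapped ids return
// ok=false; a psgo-style caller can then print the kernel overflow id (65534)
// instead of joining the namespace and running a binary from the container.
func hostToNamespaceID(entries []idMapEntry, hostID uint64) (uint64, bool) {
	for _, e := range entries {
		if hostID >= e.outside && hostID < e.outside+e.count {
			return e.inside + (hostID - e.outside), true
		}
	}
	return 0, false
}
```

Because the mapping is computed purely from files the host kernel exposes, no code path depends on the container's filesystem or its binaries, which is the property the fix relies on.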