Skip tests on systems with restricted usernamespaces (backport #12051)

[mergify]

Depends on #12050

This makes ci pass: https://github.com/NixOS/nix/actions/runs/12329995455/job/34414955507?pr=12051
even on systems that have restricted usernamespaces: 6642863

---

This is an automatic backport of pull request #12051 done by Mergify.

[mergify]

Cherry-pick of da7f7ba has failed:

On branch mergify/bp/2.24-maintenance/pr-12051
Your branch is up to date with 'origin/2.24-maintenance'.

You are currently cherry-picking commit da7f7ba81.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   tests/functional/build-remote-trustless-should-fail-0.sh
	modified:   tests/functional/build-remote-trustless.sh
	modified:   tests/functional/build-remote.sh
	modified:   tests/functional/chroot-store.sh
	modified:   tests/functional/linux-sandbox.sh
	modified:   tests/functional/local-overlay-store/bad-uris.sh
	modified:   tests/functional/local-overlay-store/common.sh
	modified:   tests/functional/nested-sandboxing.sh
	modified:   tests/functional/nested-sandboxing/command.sh
	modified:   tests/functional/shell.sh

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   tests/functional/common/vars-and-functions.sh
	both modified:   tests/functional/supplementary-groups.sh

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[bryango]

@Mic92 I have verified such changes do work on my machine.

[bryango]

Suggested change

	<<<<<<< HEAD:tests/functional/common/vars-and-functions.sh
	fi # COMMON_VARS_AND_FUNCTIONS_SH_SOURCED
	=======
	requiresUnprivilegedUserNamespaces() {
	if [[ -f /proc/sys/kernel/apparmor_restrict_unprivileged_userns ]] && [[ $(< /proc/sys/kernel/apparmor_restrict_unprivileged_userns) -eq 1 ]]; then
	skipTest "Unprivileged user namespaces are disabled. Run 'sudo sysctl -w /proc/sys/kernel/apparmor_restrict_unprivileged_userns=0' to allow, and run these tests."
	fi
	}
	execUnshare () {
	requiresUnprivilegedUserNamespaces
	exec unshare --mount --map-root-user "$SHELL" "$@"
	}
	fi # COMMON_FUNCTIONS_SH_SOURCED
	>>>>>>> da7f7ba81 (functional-tests: skip tests if the kernel restricts unprivileged user namespaces):tests/functional/common/functions.sh
	requiresUnprivilegedUserNamespaces() {
	if [[ -f /proc/sys/kernel/apparmor_restrict_unprivileged_userns ]] && [[ $(< /proc/sys/kernel/apparmor_restrict_unprivileged_userns) -eq 1 ]]; then
	skipTest "Unprivileged user namespaces are disabled. Run 'sudo sysctl -w /proc/sys/kernel/apparmor_restrict_unprivileged_userns=0' to allow, and run these tests."
	fi
	}
	execUnshare () {
	requiresUnprivilegedUserNamespaces
	exec unshare --mount --map-root-user "$SHELL" "$@"
	}
	fi # COMMON_VARS_AND_FUNCTIONS_SH_SOURCED

[bryango]

Suggested change

	<<<<<<< HEAD
	unshare --mount --map-root-user bash <<EOF
	=======
	execUnshare <<EOF
	>>>>>>> da7f7ba81 (functional-tests: skip tests if the kernel restricts unprivileged user namespaces)
	execUnshare <<EOF