critest is used in projects like containerd, that test against older
distros (like AlmaLinux 8). In those distros, CI will fail when we
upgrade to runc 1.2.0.

With runc 1.1 those test don't fail because runc doesn't support idmap
mounts and the tests are skipped in that case. But with runc 1.2.0-rc.2,
that supports idmap mounts, the tests are not skipped but fail on
distros with older kernels that don't support idmap mounts.

This commit just tries to detect if the path used for the container
rootfs supports idmap mounts. To do that it uses the Status() message
from CRI with verbose param set to true. It parses the output that
containerd sets (it's quite unspecified that field), and otherwise
fallbacks to "/var/lib" as the path to test idmap mounts support.

Signed-off-by: Rodrigo Campos <[email protected]>

Sascha suggested to run this only once. Let's cache the answer from the
runtime and move the tests that need idmap mounts on the host to
`When("Host idmap mount support is needed"`.

While we split the tests in that way, let's just query idmap mount
support for the tests that need it, using the cache.

Signed-off-by: Rodrigo Campos <[email protected]>

containerd creates a userns and inside there, it runs the critest tool.
However, in that setup, the length of containerd's userns is not the
whole UID space.

Let's verify that the length of the userns inside the pod, when we
created it with NamespaceMode_NODE (IOW, when not using a new userns for
the pod) is the same as outside the pod.

This works fine when contained itself runs inside a userns.

Signed-off-by: Rodrigo Campos <[email protected]>