internal/pkg: allow user namespace creation

No good reason to filter this in the execArtifact container, and the extended filter breaks certain programs.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/pkg/exec.go

@@ -290,7 +290,7 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
 
 	z := container.New(ctx, f.GetMessage())
 	z.WaitDelay = execWaitDelay
-	z.SeccompPresets |= std.PresetStrict
+	z.SeccompPresets |= std.PresetStrict & ^std.PresetDenyNS
 	z.ParentPerm = 0700
 	z.HostNet = hostNet
 	z.Hostname = "cure"

internal/rosa/python.go

@@ -20,10 +20,9 @@ func (t Toolchain) NewPython() pkg.Artifact {
 		"test_urllibnet",
 		"test_urllib2net",
 
-		// hits std.PresetExt ruleset
+		// makes assumptions about uid_map/gid_map
 		"test_os",
-		"test_posix",
-		"test_shutil",
+		"test_subprocess",
 
 		// somehow picks up mtime of source code
 		"test_zipfile",