kerndat: Skip clone3(set_tid) when unprivileged.

[osctobe]

A set of fixes for kerndat tests and a few debug logging improvements.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (cda1c5c) 70.51% compared to head (e2ae63e) 70.50%.

:exclamation: Current head e2ae63e differs from pull request most recent head ff088a7. Consider uploading reports for the commit ff088a7 to get more accurate results

Additional details and impacted files

```diff @@ Coverage Diff @@ ## criu-dev #2252 +/- ## ============================================ - Coverage 70.51% 70.50% -0.01% ============================================ Files 133 133 Lines 33534 33534 ============================================ - Hits 23646 23643 -3 - Misses 9888 9891 +3 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[Snorch]

Hello @avagin and @osctobe, I had one idea, which I like a lot, but guys in mainstream Linux faced it with total silence.

The idea was to allow clone3 syscall to alter owner user namespace of newly created namespaces (e.g. new pid namespace owner if CLONE_NEWPID is specified). https://lore.kernel.org/all/20210402155131.119872-1-ptikhomirov@virtuozzo.com/

This way using clone3 CRIU is able to create all restored processes in topmost user namespace available, while preserving namespace ownership topology. So at each clone3 call we would have all permissions needed by clone3_set_tid functionality. (Later we can switch to proper user namespace for each process to also preserve task's user namespaces.)

I believe my fix would help in this case too. @osctobe Can you, please, give it a try on your environment?

[github-actions[bot]]

A friendly reminder that this PR had no activity for 30 days.