Set up /var/empty and allow userns
Future changes will allow crosvm/cuttlefish to run inside the image, so
set up /var/empty and allow any user to create user namespaces to allow
minijail sandboxing to work properly.
Change-Id: I76dca567cfa2903c545194c197304508472df9c1
diff --git a/net/test/rootfs/stage2.sh b/net/test/rootfs/stage2.sh
index 4fbd15e..bb35b78 100755
--- a/net/test/rootfs/stage2.sh
+++ b/net/test/rootfs/stage2.sh
@@ -43,6 +43,12 @@
echo "127.0.1.1 debian" >>/etc/hosts
echo debian >/etc/hostname
+# Support chroot jailing with minijail
+cat >/etc/sysctl.d/80-nsjail.conf <<EOF
+kernel.unprivileged_userns_clone=1
+EOF
+mkdir -p /var/empty
+
# Clean up any other junk created by the imaging process
rm -rf /root/stage2.sh /tmp/*
find /var/log -type f -exec rm -f '{}' ';'
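Review bot: The new drop-in sets `kernel.unprivileged_userns_clone=1` for every user in the image, but the comment above it ("Support chroot jailing with minijail") does not record that trade-off, and the file is named `80-nsjail.conf` although the tool is minijail. I would expand the comment to something like `# minijail needs unprivileged user namespaces; this exposes more kernel surface to any local user, so keep it to test images` and name the file after minijail. `mkdir -p /var/empty` leaves the mode to the current umask and does not tighten a directory that already exists, so following it with `chmod 0555 /var/empty` would make the empty jail root explicitly non-writable. The sysctl key appears to be a Debian-kernel-specific knob, so it is worth confirming that the kernels booted with this rootfs honour it. The script continues outside this hunk.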