The Linux SUID Sandbox currently relies on support for the CLONE_NEWPID
flag in Linux's clone() system call. You can check whether your system supports PID namespaces with the code below, which must be run as root:
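/*
 * Probe for PID-namespace support: clone() a child with CLONE_NEWPID and let
 * the child report whether it sees itself as PID 1 (the first process of a
 * new PID namespace).
 *
 * Exit status: 0 when the child ran as PID 1; 1 when the caller is not root,
 * clone()/waitpid() failed, or the child saw any other PID.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* must precede every include so <sched.h> declares clone() */
#endif
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallback for older headers that do not define the flag. */
#if !defined(CLONE_NEWPID)
#define CLONE_NEWPID 0x20000000
#endif

/*
 * Child entry point passed to clone().
 *
 * Returns 0 if the child's PID is 1 (it is the init process of a fresh PID
 * namespace), 1 otherwise. The return value becomes the child's exit status.
 */
int worker(void* arg) {
  (void)arg; /* unused */

  const pid_t pid = getpid();
  int rc;

  if (pid == 1) {
    printf("PID namespaces are working\n");
    rc = 0;
  } else {
    printf("PID namespaces ARE NOT working. Child pid: %d\n", (int)pid);
    rc = 1;
  }

  /*
   * Flush explicitly: the child ends as soon as this function returns and is
   * not guaranteed to go through exit()'s stdio flushing, so buffered output
   * (for example when stdout is a pipe) could otherwise be lost.
   */
  fflush(stdout);
  return rc;
}

int main(void) {
  /*
   * Creating a PID namespace with CLONE_NEWPID needs CAP_SYS_ADMIN; checking
   * the real UID is a simple pre-check that gives a clearer message than the
   * EPERM clone() would return.
   */
  if (getuid()) {
    fprintf(stderr, "Must be run as root.\n");
    return 1;
  }

  /* Child stack; clone() takes the top address, hence stack + sizeof(stack). */
  char stack[8192] __attribute__((aligned(16)));

  /*
   * SIGCHLD is ORed in as the child's termination signal. Without it a plain
   * waitpid() does not wait for the clone child (it would need __WCLONE or
   * __WALL), and the parent could exit before the child has reported.
   */
  const pid_t child =
      clone(worker, stack + sizeof(stack), CLONE_NEWPID | SIGCHLD, NULL);
  if (child == -1) {
    perror("clone");
    fprintf(stderr, "Clone failed. PID namespaces ARE NOT supported\n");
    return 1; /* do not fall through to waitpid(-1, ...) */
  }

  int status = 0;
  if (waitpid(child, &status, 0) == -1) {
    perror("waitpid");
    return 1;
  }

  /* Propagate the child's verdict so scripts can act on the exit status. */
  return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}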