procfs: Don't try to validate the uid/gid of /proc

I typically develop inside a https://github.com/containers/toolbox/
container.  In this scenario:

```
$ ls -ald /proc
dr-xr-xr-x. 526 nobody nobody 0 Jan 12 14:47 /proc
$
```

And that's expected and normal; the real root uid from outside
the user namespace is mapped to `nobody`; distinct from the uid 0
inside the userns.

Honestly, I am still somewhat skeptical of the value of all of
these checks.  We're already validating that `/proc`'s filesystem
magic is `PROC_SUPER_MAGIC` - that seems really more than sufficient.

Author: cgwalters

src/io/procfs.rs

@@ -35,6 +35,7 @@ const PROC_ROOT_INO: u64 = 1;
 
 // Identify an entry within "/proc", to determine which anomalies to
 // check for.
+#[derive(Debug)]
 enum Kind {
     Proc,
     Pid,
@@ -72,9 +73,13 @@ fn check_proc_entry_with_stat(
         Kind::File => check_proc_file(&entry_stat, proc_stat)?,
     }
 
-    // Check the ownership of the directory.
-    if (entry_stat.st_uid, entry_stat.st_gid) != (uid, gid) {
-        return Err(io::Error::NOTSUP);
+    // Check the ownership of the directory.  We can't do that for the toplevel /proc
+    // though, because in e.g. a user namespace scenario, root outside the container
+    // may be mapped to another uid like `nobody`.
+    if !matches!(kind, Kind::Proc) {
+        if (entry_stat.st_uid, entry_stat.st_gid) != (uid, gid) {
+            return Err(io::Error::NOTSUP);
+        }
     }
 
     // "/proc" directories are typically mounted r-xr-xr-x.

tests/io/main.rs

@@ -20,6 +20,8 @@ mod isatty;
 mod mmap;
 #[cfg(not(windows))]
 mod poll;
+#[cfg(all(feature = "procfs", any(target_os = "android", target_os = "linux")))]
+mod procfs;
 #[cfg(not(windows))]
 mod prot;
 #[cfg(not(windows))]

tests/io/procfs.rs

@@ -0,0 +1,8 @@
+use io_lifetimes::raw::AsRawFilelike;
+
+#[test]
+fn test_proc_self() {
+    // Verify that this API works at all
+    let fd = rustix::io::proc_self_fd().unwrap();
+    assert_ne!(fd.as_raw_filelike(), 0);
+}