This was not caught before because a test was missing, fprintf() without ferror()
didn't help, and calling code did not depend on uid maps so far.
Add tests.
We would not free 'concat_path' in all potential paths.
Also, the iteration would not continue potentially.
This was case unlikely to be hit in practise.
clone3() is used more and more, but we cannot filter it. We can either
allow it fully or return ENONYS. Some libraries perform fallbacks to the
older clone() in that case, which we can filter again.
Especially with exile_launch(), we will be included
from more than one translation unit. Thus, ODR becomes
a headache now.
So move definitions to exile.c.
Those functions clone(), then activate the specified policy.
They then jump to the supplied function and pass an argument to it.
exile_launch() returns a read file descriptor, that can be
used by the parent process to get the data.
exile_launch_get() is a convenience wrapper, return a buffer
containing everything read from the sandboxed function.
Certain functions can fail before we execute exile_enable_policy().
While the return code should be checked, it's easily forgotten. For
most users, checking just the exile_enable_policy() return code
should suffice.
exile_append_path_policies(): Add check whether a path exists. If not,
set the error flag.
This also allows an early exit, allowing to cleanly handle the case
when a path does not exist. Previously, this was only caught
during activation, and a failure there is generally undefined.
We mounted after creating dirs, this was potentially problematic
for the next path policy to follow.
Perform two passes on the path_policies list, first creates all
dirs, second does the mounts.
