criu restore: defer /proc setup for userns with shared mntns

[Krishna-cell-12]

Problem
Restore fails with:
Unable to open the proc file system: Operation not permitted

when restoring a task that:
runs in a new user namespace, and
shares the host mount namespace.
CRIU attempts to open /proc too early, before the root task exists in the correct namespace context.

Solution
Detect root namespace configuration early using task namespace IDs.
Defer /proc opening in restore_root_task() when restoring:
CLONE_NEWUSER without CLONE_NEWNS.
Install CR_PROC_FD_OFF after mount_proc() from the root task, where permissions are valid.

Changes
Added prepare_root_ns_mask() to derive root_ns_mask from root_item->ids.
Skipped early /proc setup for userns + shared mntns restores.
Ensured root task installs CR_PROC_FD_OFF post mount_proc() if deferred.
No changes to usernsd startup or RPC paths.

Testing
Reproduced failure described in #2597.
Verified restore succeeds without /proc permission errors.
Build and restore complete successfully.

Fixes: #2597

[avagin]

Have you tried to run tests?

$ ./test/zdtm.py run -t zdtm/static/env00
userns is supported
=== Run 1/1 ================ zdtm/static/env00
========================== Run zdtm/static/env00 in h ==========================
 DEP       env00.d
 CC        env00.o
 LINK      env00
Start test
./env00 --pidfile=env00.pid --outfile=env00.out --envname=ENV_00_TEST
Run criu dump
Run criu restore
=[log]=> dump/zdtm/static/env00/86/1/restore.log
------------------------ grep Error ------------------------
b'(00.002592) No mountpoints-6.img image'
b'(00.002597) mnt: Reading mountpoint images (id 6 pid 86)'
b'(00.002600) mnt: Building mountpoints tree'
b'(00.002602) mnt: \tBuilding plain mount tree'
b'(00.002605) Error (criu/mount.c:390): mnt: No root found for tree'
------------------------ ERROR OVER ------------------------
################# Test zdtm/static/env00 FAIL at CRIU restore ##################
Test output: ================================

 <<< ================================
##################################### FAIL #####################################

[Krishna-cell-12]

Hi, I re-ran the test after installing required networking tools and rebuilding CRIU.

Steps:

git checkout criu-dev
make clean
make
sudo ./test/zdtm.py run -t zdtm/static/env00

Environment:

CRIU 4.2
Kernel: 6.6.87 WSL2

Earlier failure was caused by missing runtime dependencies (iptables / nftables support).

Result:

========================= Test zdtm/static/env00 PASS ==========================
========================= Test zdtm/static/env00 PASS ==========================
========================= Test zdtm/static/env00 PASS ==========================

Full output is attached below and screenshot included for reference.

[avagin]

@Krishna-cell-12 it fails in my environment and it fails in CI jobs [1]. You can try to run ./zdtm.py run -a.

[1] https://app.circleci.com/jobs/github/checkpoint-restore/criu/7453

[github-actions]

A friendly reminder that this PR had no activity for 30 days.