Tags: falcosecurity/libs
fix(userspace/libsinsp): fix op modifiers semantic and impl logic

The current operator modifiers implementation has some inconsistencies related to the `oneof` modifier and the `!=` operator coupled with `anyof`. The new implementation patches these inconsistencies and makes the modifiers logic clear.

`oneof`, `anyof` and `allof` have to be intended as syntactic sugar. With the help of the expression `field <op> <mod> (e0, e1, e2)`, the logic applied for these modifiers can be described as follows:
- `oneof` matches iff exactly one among the set of expressions `field <op> e0`, `field <op> e1` and `field <op> e2` matches
- `anyof` matches iff the expression `field <op> e0 or field <op> e1 or field <op> e2` matches; this means that it will return true if there is at least 1 match among all sub-expressions.
- `allof` matches iff the expression `field <op> e0 and field <op> e1 and field <op> e2` matches; this means that it will return true iff all sub-expressions match.

Notice that the previous implementation applied the custom logic "not in the list" for `!= anyof`: this is wrong and inconsistent with the previous model, as sub-expressions must be ORed, not ANDed.

The current patch also adds a runtime check regarding the number of values that are produced at runtime by a LHS filtercheck that claims not to produce a list: it can only return 1 value. This makes all tests using the `c.multi` filtercheck wrong, because this one is declared as a non-`EPS_IS_LIST` filtercheck that can produce multiple values.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
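The modifier semantics described in the commit above, as an added illustration that is not libsinsp code: each `field <op> eN` sub-expression is evaluated on its own, and the modifier only decides how the results are combined. The evaluator, its function names and the convention that a list-valued field satisfies a comparison when any of its values does are assumptions of this example, as is the small set of supported operators.

```python
"""Added illustration of `oneof` / `anyof` / `allof` modifier semantics.

Not libsinsp code: the evaluator, its names and the list-field convention
below are assumptions made for this example.
"""

import operator
from typing import Any, Callable, Iterable, Sequence

# Constructed subset of comparison operators the modifiers can wrap.
OPS: dict[str, Callable[[Any, Any], bool]] = {
    "=": operator.eq,
    "!=": operator.ne,
    "<": operator.lt,
    ">": operator.gt,
}


def eval_modifier(lhs_values: Sequence[Any], op: str, mod: str,
                  rhs: Iterable[Any], lhs_is_list: bool) -> bool:
    """Evaluate `field <op> <mod> (e0, e1, ...)`.

    `lhs_values` are the values the LHS filtercheck produced at runtime.
    A filtercheck that does not claim to produce a list must yield exactly
    one value; this mirrors the runtime check the commit adds.
    """
    if not lhs_is_list and len(lhs_values) != 1:
        raise ValueError(f"non-list field produced {len(lhs_values)} values")
    cmp = OPS[op]
    # Assumption: `field <op> eN` holds if any extracted value satisfies it.
    sub_results = [any(cmp(v, e) for v in lhs_values) for e in rhs]
    if mod == "oneof":      # exactly one sub-expression matches
        return sum(sub_results) == 1
    if mod == "anyof":      # sub-expressions ORed together
        return any(sub_results)
    if mod == "allof":      # sub-expressions ANDed together
        return all(sub_results)
    raise ValueError(f"unknown modifier {mod!r}")


def rejects_multi_value_non_list() -> bool:
    """True if a non-list LHS producing two values is rejected at runtime."""
    try:
        eval_modifier(["a", "b"], "=", "anyof", ["a"], lhs_is_list=False)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # `proc.name != anyof (bash, sh)` with proc.name = bash: the `!= sh`
    # sub-expression holds, so the OR is true. "Not in the list" is instead
    # expressed by `!= allof`, where every sub-expression must hold.
    print(eval_modifier(["bash"], "!=", "anyof", ["bash", "sh"], False))  # True
    print(eval_modifier(["bash"], "!=", "allof", ["bash", "sh"], False))  # False
    print(eval_modifier(["zsh"], "!=", "allof", ["bash", "sh"], False))   # True
    print(eval_modifier([5], "=", "oneof", [5, 5, 6], False))             # False
    print(rejects_multi_value_non_list())                                  # True
```

The `!= anyof` case is the one the commit calls out: with the sub-expressions ORed, a value that differs from at least one list element already matches, so the old "not in the list" reading corresponds to `!= allof`, not `!= anyof`.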
fix(driver): export euid, egid and loginuid from init user ns The kernel module currently exports euids, egids and loginuids as seen from the task's user namespace: this is inconsistent with the (expected) behaviour implemented by the modern eBPF probe, which exports the ones seen from the init user namespace. Make the kernel module consistent by fixing its code to export the ones seen from the init user namespace. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
fix(driver): hoist `flags` declaration to the top of `f_sys_accept4_x` This prevents some build failures if the compilation toolchain uses pedantic flags. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
fix(userspace/libpman): avoid redefining `_GNU_SOURCE` Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
feat: add keyctl syscall support Co-Authored-By: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
fix(driver): uniform keyctl arg5 Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
fix(driver): unify keyctl params push funcs Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
fix(test): rename keyctl assert funcs Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
fix(test): properly fix keyctl arg asserts Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
cleanup(test): collapse assert_keyctl_arg funcs Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
chore(driver): bump schema version to 4.5.0 Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
refactor(driver): simplify keyctl probes Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
fix(driver): use appropriate printk func Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com> Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
fix(driver): compile support for s390 compat support conditionally Commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8e0b986c59c67e08ada646249f834655a9e6da16 removed 31-bit code support for s390 and any related macro, so compile out from kmod the check involving the usage of the dropped `_TIF_31BIT` macro if this is not available on the kernel against which we compile. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>