Move a couple of utility functions to a new namespace_utils class.

sandbox/linux/services/credentials_unittest.cc

Index: sandbox/linux/services/credentials_unittest.cc
diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
index 92f199a4bf036e1195c90e284d1cab0801c65bdc..6df82c5d9aab21ca6f0f88891d93e134f538a249 100644
--- a/sandbox/linux/services/credentials_unittest.cc
+++ b/sandbox/linux/services/credentials_unittest.cc
@@ -6,6 +6,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <sched.h>
 #include <stdio.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -15,6 +16,7 @@
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/process/process.h"
 #include "sandbox/linux/tests/unit_tests.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -77,13 +79,6 @@ SANDBOX_TEST(Credentials, MoveToNewUserNS) {
   CHECK(!Credentials::HasAnyCapability());
 }
 
-SANDBOX_TEST(Credentials, SupportsUserNS) {
-  CHECK(Credentials::DropAllCapabilities());
-  bool user_ns_supported = Credentials::SupportsNewUserNS();
-  bool moved_to_new_ns = Credentials::MoveToNewUserNS();
-  CHECK_EQ(user_ns_supported, moved_to_new_ns);
-}
-
 SANDBOX_TEST(Credentials, UidIsPreserved) {
   CHECK(Credentials::DropAllCapabilities());
   uid_t old_ruid, old_euid, old_suid;
@@ -159,7 +154,14 @@ SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) {
 
   // The kernel should now prevent us from regaining capabilities because we
   // are in a chroot.
-  CHECK(!Credentials::SupportsNewUserNS());
+  errno = 0;
+  CHECK_EQ(-1, unshare(CLONE_NEWUSER));
+  CHECK_EQ(EPERM, errno);
+
+  errno = 0;
+  CHECK_EQ(-1, base::ForkWithFlags(CLONE_NEWUSER | SIGCHLD, nullptr, nullptr));
+  CHECK_EQ(EPERM, errno);
+
   CHECK(!Credentials::MoveToNewUserNS());
 }