Function join_host_ipc_namespace 

fn join_host_ipc_namespace() -> Result<()>

Join the host IPC namespace if we’re in an isolated one and have sufficient privileges. The default for podman run is a separate IPC namespace, which can cause failures in e.g. bootc install, where tools like udev/cryptsetup expect semaphores to be in sync with the host. While we do want callers to pass --ipc=host, we don’t want to force them to.

Requires CAP_SYS_ADMIN (needed for setns()); silently skipped when running unprivileged (e.g. during RPM build for manpage generation). Also skipped when /proc/1/ns/ipc is not accessible, which can happen in restricted build environments (e.g. Tekton/Buildah containers) where /proc is masked even for processes with CAP_SYS_ADMIN.
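
The skip conditions described above can be expressed as a small decision function. This is an added example, not bootc's own code: the names `IpcAction`, `decide`, `has_cap_sys_admin` and `ns_id` are hypothetical, the order of the checks is an assumption, and the block only reports the decision rather than calling setns().

```rust
use std::{fs, io};

// Bit index of CAP_SYS_ADMIN in the capability masks (linux/capability.h).
const CAP_SYS_ADMIN: u32 = 21;

#[derive(Debug, PartialEq)]
enum IpcAction {
    SkipNoCap,      // unprivileged: setns() would fail, so skip silently
    SkipProcMasked, // /proc/1/ns/ipc not accessible (masked /proc)
    AlreadyHost,    // same IPC namespace as PID 1, nothing to do
    Join,           // isolated and privileged: setns() into the host namespace
}

/// Test CAP_SYS_ADMIN in the CapEff line of /proc/<pid>/status content.
fn has_cap_sys_admin(status: &str) -> bool {
    status
        .lines()
        .find_map(|l| l.strip_prefix("CapEff:"))
        .and_then(|hex| u64::from_str_radix(hex.trim(), 16).ok())
        .map_or(false, |mask| mask & (1u64 << CAP_SYS_ADMIN) != 0)
}

/// Decide from namespace identities, i.e. readlink targets like "ipc:[4026531839]".
fn decide(own: &str, host: io::Result<String>, privileged: bool) -> IpcAction {
    if !privileged {
        return IpcAction::SkipNoCap;
    }
    match host {
        Err(_) => IpcAction::SkipProcMasked,
        Ok(h) if h == own => IpcAction::AlreadyHost,
        Ok(_) => IpcAction::Join,
    }
}

/// Read the namespace identity behind a /proc/<pid>/ns/<type> symlink.
fn ns_id(path: &str) -> io::Result<String> {
    Ok(fs::read_link(path)?.to_string_lossy().into_owned())
}

fn main() -> io::Result<()> {
    let privileged = has_cap_sys_admin(&fs::read_to_string("/proc/self/status")?);
    let action = decide(&ns_id("/proc/self/ns/ipc")?, ns_id("/proc/1/ns/ipc"), privileged);
    println!("{action:?}");
    Ok(())
}
```

Running it inside a container started with and without `--ipc=host` shows the decision changing between `AlreadyHost` and `Join` or one of the skip cases.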