Skip some tests which don't work under permissionless containers

When running as UID 0 but without CAP_DAC_OVERRIDE (for example, in a
docker container running with --uid 0 but --cap-drop=all), these tests
won't work because of hard-coded assumptions about what uid 0 can and
can't do.

Author: KJTsanaktsidis

test/fileutils/test_fileutils.rb

@@ -93,12 +93,24 @@ def no_broken_symlink?
       @@no_broken_symlink
     end
 
+    def has_capsh?
+      !!system('capsh', '--print', out: File::NULL, err: File::NULL)
+    end
+
+    def has_root_file_capabilities?
+      !!system(
+        'capsh', '--has-p=CAP_DAC_OVERRIDE', '--has-p=CAP_CHOWN', '--has-p=CAP_FOWNER',
+        out: File::NULL, err: File::NULL
+      )
+    end
+
     def root_in_posix?
       if /cygwin/ =~ RUBY_PLATFORM
         # FIXME: privilege if groups include root user?
         return Process.groups.include?(0)
-      end
-      if Process.respond_to?('uid')
+      elsif has_capsh?
+        return has_root_file_capabilities?
+      elsif Process.respond_to?('uid')
         return Process.uid == 0
       else
         return false