Please let me know. lxc does not use them right now. Libvirt uses them for lxc containers f they are available, but I hope we can essentially have it stop for awhile. In addition, there's tons of software out there that I don't know about, and fear of breaking their use of current user namespaces has been keeping me from pushing further userns patches. I've outlined how I see user namespaces developing at https://wiki.ubuntu.com/UserNamespace . Note there is nothing new in there - some of it goes a year back, much of it more than two years. Nothing actually new. Currently user namespaces are not very useful, but they do provide separate uid accounting, and simply tossing CLONE_NEWUSER in with CLONE_NEWNS and friends has until now been safe to do. As you can see, that is going to change. So if that would cause you pain that you can't work around, please get back to me. Otherwise, I'd like to get serious soon about expanding upon, and pushing upstream, the patches to make CLONE_NEWUSER more useful for sandboxing. thanks, -serge -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list