* Christian Brauner: > With fsid mappings we can solve this by writing an id mapping of 0 > 100000 100000 and an fsid mapping of 0 300000 100000. On filesystem > access the kernel will now lookup the mapping for 300000 in the fsid > mapping tables of the user namespace. And since such a mapping exists, > the corresponding files will have correct ownership. I'm worried that this is a bit of a management nightmare because the data about the mapping does not live within the file system (it's externally determined, static, but crucial to the interpretation of file system content). I expect that many organizations have centralized allocation of user IDs, but centralized allocation of the static mapping does not appear feasible. Have you considered a more complex design, where untranslated nested user IDs are store in a file attribute (or something like that)? This way, any existing user ID infrastructure can be carried over largely unchanged.
