Hi David, On the Linux SMB client, we've recently been dealing with some issues relating to namespaces for containers that access the cifs mounts. For several upcalls that we use, we allocate a seperate thread keyring, prepare_kernel_cred to create a new cred, and temporarily override the cred for the current process before we call request_key (which eventually can upcall into userspace). However, with the current design, we always upcall into the host namespace. We then have to perform any namespace switch in the userspace (which we do today for some type of upcalls). However, this does not seem ideal.
