Hi all, Here's a second version. It's very close from the first one and takes into account some discussions we had with kirill on the topic during OLS. 2 patches follow, the first introduces the user namespace core and the last enables to use it with unshare. Changes [try #2] - removed struct user_namespace* argument from find_user() - added a root_user per user namespace execns() syscall is back in the attic for the moment. I'm still maintaining it and we'll see if it's of any use when we address the user space API of the full conainer. soon, I hope ! This user namespace patchset does not try to address all the issues that were raised by the previous thread on the topic, like user mapping per namespace, per mount, etc. It tries to solve some simple issues with the current implementation of containers in mind. It should be especially useful the existing solutions and lay ground basic objects. thanks for your comments, C.