Quoting Serge E. Hallyn (serue at us.ibm.com):
> From: Serge E. Hallyn <serue at us.ibm.com>
> Subject: [RFC] [PATCH 0/3] user ns and vfs: Introduction
>
> Cedric has previously sent out a patchset
> (http://lists.osdl.org/pipermail/containers/2006-August/000078.html)
> implementing the very basics of a user namespace. It ignores
> filesystem access checks, so that uid 502 in one namespace could
> access files belonging to uid 502 in another namespace, if the
> containers were so set up.

Oh, and the real question, which I forgot to ask - for those who
objected to Cedric's patchset on the grounds of lack of file access
controls, does this patchset address your concerns? It seems to me it
provides isolation to those who want it, while leaving the door open to
a uid mapping solution (whether in a stackable fs, a global-uidaware fs,
or whatever) in the future.

thanks,
-serge