Quoting Eric W. Biederman (ebiederm at xmission.com):
> I actually have code that will let me fork a process in a new namespace today
> without needing bind_ns. What is more I don't even have to be root
> to use it.

Can you elaborate?

The user namespace patches don't enforce ptrace yet, so you could unshare as root, become uid 500, then as uid 500 in the original namespace ptrace the process in the new namespace. Is that what you're doing? If (when) ptrace enforces the uid namespace, will that stop what you're doing?

-serge