David Howells <dhowells@xxxxxxxxxx> writes:

> Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
>
>> Yup - patch coming (probably next week) for that,
>
> Thanks.
>
>> but there's the question, given that user namespaces are hierarchical, of
>> whether, if pidns B is a child of pidns A created by userid 500, a task in
>> pidns A should see keys in userns B (listed as belonging to userid 500).
>
> Does that mean all the UIDs of B should be part of A?  Or is just UID 500
> inherited?  Or is UID 0 in B the same as UID 500 in A?

So far the design is that user namespaces are disjoint, with one
specific exception.  The user who creates the user namespace is expected
to have god-like powers over all users in the created user namespace.

When carefully implemented, this will allow a user namespace to be created
with normal user permissions and for the user that created the user namespace
to manage the resources owned by users in that user namespace.

Eric

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers