The solution is to use user namespaces and to only test ns_capable on the magic reboot path. For the 3.7 timeframe that should be a realistic solution. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
