"Thompson, David" <dthomps...@worcester.edu> skribis: > Yes, user namespaces can be created by unprivileged users. The user > that created the namespace then has root in the context of the new > namespace, which allows for creating all of the other types of > namespaces. There's been some bumps along the way, such as a security > bug with groups that prompted the addition of the > /proc/<pid>/setgroups file in Linux 3.19 (I think) that has since been > backported to earlier kernel releases, the oldest I know of being > 3.13. But overall, this feature is very good and using it for Guix > would allow for the unprivileged daemon to take advantage of almost > all of the isolation techniques used by the privileged daemon.
That’d be a very nice thing to have. Thanks, Ludo’.