Namespaces in operation, part 1: namespaces overview
Posted Jan 5, 2013 6:10 UTC (Sat) by ebiederm (subscriber, #35028)
In reply to: Namespaces in operation, part 1: namespaces overview by dw
Parent article: Namespaces in operation, part 1: namespaces overview
Right on the edges of user space, kuids and kgids are translated to/from uids and gids, and you must use the translation functions because they are type incompatible.
As for the kernel directly comparing the uid field to determine root privilege, suid() and its kin were replaced by capable calls internal to the kernel a decade or so ago.
Like anything new, there are reasons to be cautious, but getting the data types wrong is not one of those reasons. Similarly, for system administrators there shouldn't really be any more challenge than using fake-root.
But please, if you aren't comfortable with user namespaces, please disable them in your kernel builds; that is what the config option is for.
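
An added illustration, not part of the comment above and not kernel code: a user-space C model of the boundary translation the comment describes, showing why a struct-wrapped id cannot be mixed up with a plain integer uid. All names (`kuid_model_t`, `model_make_kuid`, `model_from_kuid`, `sample_ns`) and the sample mapping are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define MODEL_INVALID_ID UINT32_MAX        /* stands in for "no mapping" */

/* Wrapping the integer in a struct is what makes the types incompatible:
 * `k == 0` or `uint32_t u = k;` on a kuid_model_t does not compile. */
typedef struct { uint32_t val; } kuid_model_t;

/* One mapping extent, same three columns as a /proc/<pid>/uid_map line. */
struct extent_model { uint32_t inside, outside, count; };
struct userns_model { size_t nr; struct extent_model ext[4]; };

/* User-space uid -> kernel-side id: the only way in at the boundary. */
kuid_model_t model_make_kuid(const struct userns_model *ns, uint32_t uid)
{
    for (size_t i = 0; i < ns->nr; i++) {
        const struct extent_model *e = &ns->ext[i];
        if (uid >= e->inside && uid - e->inside < e->count)
            return (kuid_model_t){ e->outside + (uid - e->inside) };
    }
    return (kuid_model_t){ MODEL_INVALID_ID };
}

/* Kernel-side id -> uid as seen from inside ns: the only way out. */
uint32_t model_from_kuid(const struct userns_model *ns, kuid_model_t k)
{
    for (size_t i = 0; i < ns->nr; i++) {
        const struct extent_model *e = &ns->ext[i];
        if (k.val >= e->outside && k.val - e->outside < e->count)
            return e->inside + (k.val - e->outside);
    }
    return MODEL_INVALID_ID;
}

int model_kuid_eq(kuid_model_t a, kuid_model_t b) { return a.val == b.val; }

/* Constructed sample: ids 0..65535 inside map to 100000..165535 outside. */
struct userns_model sample_ns(void)
{
    return (struct userns_model){ .nr = 1, .ext = { { 0, 100000, 65536 } } };
}

int main(void)
{
    struct userns_model ns = sample_ns();
    kuid_model_t k = model_make_kuid(&ns, 0);   /* uid 0 inside the namespace */
    printf("inside uid 0 -> kuid %u -> inside uid %u\n",
           (unsigned)k.val, (unsigned)model_from_kuid(&ns, k));
    return 0;
}
```

In this model, uid 0 inside the namespace becomes id 100000 on the kernel side, so it never compares equal to the global id 0, and an id with no mapping comes back as the invalid value rather than as some other user.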