overview of Linux user namespaces
Note
Over the years, there have been a lot of features that have been
added to the Linux kernel that have been made available only to
privileged users because of their potential to confuse set-user-ID-root
applications. In general, it becomes safe to allow the
root user in a user namespace to use those features because it is
impossible, while in a user namespace, to gain more privilege
than the root user of a user namespace has.
Global root
The term "global root" is sometimes used as a shorthand for user
ID 0 in the initial user namespace.
Availability
Use of user namespaces requires a kernel that is configured with
the CONFIG_USER_NS
option. User namespaces require support in a
range of subsystems across the kernel. When an unsupported
subsystem is configured into the kernel, it is not possible to
configure user namespaces support.
As at Linux 3.8, most relevant subsystems supported user
namespaces, but a number of filesystems did not have the
infrastructure needed to map user and group IDs between user
namespaces. Linux 3.9 added the required infrastructure support
for many of the remaining unsupported filesystems (Plan 9 (9P),
Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2).
Linux 3.12 added support for the last of the unsupported major
filesystems, XFS.
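The following is an added example, not text or code from the man page: it enters a new user namespace with unshare(2) and writes a single-line mapping of the caller's own UID and GID to ID 0 through /proc/self/uid_map and /proc/self/gid_map, so that the process observes euid 0 while remaining the same unprivileged user outside. The function reports the kernel's refusal as a negative errno, which is what you see when CONFIG_USER_NS is not configured (EINVAL) or when unprivileged namespace creation is disabled or filtered (EPERM/EACCES).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <unistd.h>

/* Write one "inside outside 1" line to a /proc/self/*_map file. Without
 * CAP_SETUID/CAP_SETGID in the parent namespace, only the caller's own
 * ID (as captured before unshare) may be mapped. Returns 0 or -errno. */
static int write_single_map(const char *path, unsigned inside, unsigned outside)
{
    char line[64];
    int len = snprintf(line, sizeof line, "%u %u 1\n", inside, outside);
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -errno;
    ssize_t written = write(fd, line, (size_t)len);
    int err = written == len ? 0 : (written < 0 ? errno : EIO);
    close(fd);
    return -err;
}

/* Move the calling process into a fresh user namespace and map its UID/GID 0
 * onto the caller's real IDs. Returns the effective UID seen inside (0 once
 * the mapping applies: "root", but only of this namespace), or a negative
 * errno when the kernel refuses: EINVAL without CONFIG_USER_NS, EPERM or
 * EACCES when unprivileged creation is disabled or sandboxed, ENOSPC when
 * user.max_user_namespaces is exhausted. */
int enter_userns_as_root(void)
{
    unsigned outer_uid = geteuid(), outer_gid = getegid();
    if (unshare(CLONE_NEWUSER) != 0)
        return -errno;
    /* Since Linux 3.19 an unprivileged writer must deny setgroups(2) before
     * gid_map is accepted; older kernels simply lack this file. */
    int fd = open("/proc/self/setgroups", O_WRONLY);
    if (fd >= 0) {
        if (write(fd, "deny", 4) < 0)
            perror("write /proc/self/setgroups");
        close(fd);
    }
    int rc = write_single_map("/proc/self/uid_map", 0, outer_uid);
    if (rc == 0)
        rc = write_single_map("/proc/self/gid_map", 0, outer_gid);
    return rc != 0 ? rc : (int)geteuid();
}
```

A result of 0 is the "root" the Notes section describes: full capabilities over objects owned by this namespace, none beyond what the creating user already had.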