NAK: user namespace delta for raring?

Serge Hallyn serge.hallyn at canonical.com
Wed Jan 23 15:53:40 UTC 2013


Quoting Eric W. Biederman (ebiederm at xmission.com):
> Would starting the container without privilege and using newuidmap and
> newgidmap during startup avoid the privilege change that makes things
> undumpable?

No.  In practice (just tried) the /proc contents are still owned by the
host's root, but even if they were owned by the unprivileged user, that
would still be the host's (kuid) 1000 (for example) which is not mapped
into the container, so it would belong to nobody:nogroup.

-serge
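The point Serge makes above (a file owned by host kuid 0 or kuid 1000 shows up as nobody inside a container whose uid_map does not cover that kuid) follows directly from how the kernel translates kuids through a namespace's uid_map. The following is an added illustration, not code from the kernel, LXC, or the original post: it parses text in the /proc/<pid>/uid_map format and reproduces the behaviour of from_kuid_munged(), returning the overflow uid for anything unmapped. It assumes the container sits directly under the initial user namespace (so the "outside" column of uid_map is the kuid), the default overflowuid of 65534, and a constructed map "0 100000 65536" of the kind newuidmap would write for an unprivileged container.

```c
/* Added example, not from the kernel source, LXC, or the original post.
 * Models the kuid -> namespace-uid translation that makes files owned by
 * an unmapped host uid appear as nobody (overflowuid) inside a container. */
#include <stdio.h>
#include <stdlib.h>

#define OVERFLOW_UID 65534UL  /* assumed default of /proc/sys/kernel/overflowuid */
#define MAX_EXTENTS  5        /* UID_GID_MAP_MAX_EXTENTS in kernels of this era */

struct uid_extent {
    unsigned long first;  /* first uid as seen inside the namespace */
    unsigned long lower;  /* corresponding uid in the parent namespace */
    unsigned long count;  /* length of the range */
};

struct uid_map {
    int nr;
    struct uid_extent ext[MAX_EXTENTS];
};

/* Parse text in the /proc/<pid>/uid_map format, one "first lower count"
 * triple per line.  Returns the number of extents, or -1 if a line is
 * short, a count is zero, or there are more extents than the kernel allows. */
int parse_uid_map(const char *text, struct uid_map *map)
{
    const char *p = text;
    map->nr = 0;
    while (*p) {
        unsigned long v[3];
        int i;
        for (i = 0; i < 3; i++) {
            char *end;
            v[i] = strtoul(p, &end, 10);  /* skips leading whitespace/newlines */
            if (end == p)
                return -1;                /* missing field */
            p = end;
        }
        while (*p == ' ' || *p == '\t' || *p == '\n')
            p++;
        if (v[2] == 0 || map->nr == MAX_EXTENTS)
            return -1;
        map->ext[map->nr].first = v[0];
        map->ext[map->nr].lower = v[1];
        map->ext[map->nr].count = v[2];
        map->nr++;
    }
    return map->nr;
}

/* Equivalent of from_kuid_munged(): the uid a process inside the namespace
 * sees for a kernel-internal uid.  A kuid no extent covers cannot be
 * represented inside the namespace, so it is reported as OVERFLOW_UID,
 * which /etc/passwd normally names nobody. */
unsigned long kuid_to_ns_uid(const struct uid_map *map, unsigned long kuid)
{
    int i;
    for (i = 0; i < map->nr; i++) {
        const struct uid_extent *e = &map->ext[i];
        if (kuid >= e->lower && kuid - e->lower < e->count)
            return e->first + (kuid - e->lower);
    }
    return OVERFLOW_UID;
}

/* Constructed sample: the map newuidmap would write for an unprivileged
 * container whose root is host uid 100000 (assumed value for illustration). */
static const char SAMPLE_MAP[] = "0 100000 65536\n";

/* Ownership a process in that container sees on a file owned by host kuid
 * `owner`, e.g. a /proc entry created while still running as host root. */
unsigned long container_view_of_owner(unsigned long owner)
{
    struct uid_map map;
    if (parse_uid_map(SAMPLE_MAP, &map) < 0)
        return OVERFLOW_UID;
    return kuid_to_ns_uid(&map, owner);
}

int main(void)
{
    const unsigned long owners[] = { 0, 1000, 100000, 100001, 165536 };
    size_t i;
    for (i = 0; i < sizeof owners / sizeof owners[0]; i++)
        printf("host kuid %lu -> container uid %lu\n",
               owners[i], container_view_of_owner(owners[i]));
    return 0;
}
```

Host kuid 0 (root) and kuid 1000 (the unprivileged user launching the container) both fall outside the single extent, so they translate to 65534, exactly the nobody:nogroup ownership described above; only kuids 100000..165535 map back to container uids 0..65535. Adding a second extent such as "1000 1000 1" is what it would take for kuid 1000 to be visible inside.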
