Brussels / 3 & 4 February 2024


More flexible user namespaces

The user namespace has been around for over a decade at this point, yet its adoption has been somewhat lagging. This can be tracked down to a lot of complexity that comes with it: having to decide what uid/gid maps to use for what container, punching holes through the map to pass host resources, handling the mapping of the owner of various files on the filesystem, and so on.

In this talk, we'll be looking at the current state of the user namespace, its most common limitations and annoyances, and then go over a proposed design for a second generation of user namespaces. Those rely on recent kernel features to provide a massively simpler and more flexible experience which should unblock the use of user namespaces for many!

Expect a rather demo-filled talk, highlighting the current mechanics of the user namespace and the proposed improvements to it.


Stephane Graber
Aleksandr Mikhalitsyn