10:28:38 # Life

Been playing with user namespaces. But it seems we lack documentation, and moreover, it lacks a coherent design as an API, probably because we are playing whack-a-mole on new holes as they are discovered. As for the naming, it seems to be called 'userns' in patch sets. The API is unshare(CLONE_NEWUSER) with a bunch of files in proc such as /proc/self/uid_map and gid_map. CAP_SETGID also seems to be related, but I'm not sure if it's doing anything.
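
The calls named above, put together as an added example (not code from the original post): an unprivileged process enters a new user namespace and maps its own uid and gid to 0 inside it. The function names are illustrative, and the `/proc/self/setgroups` step is an addition the post does not mention: since Linux 3.19 a caller without CAP_SETGID in the parent namespace must write `deny` there before `gid_map` becomes writable.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef CLONE_NEWUSER              /* fallback when _GNU_SOURCE was set too late to take effect */
#define CLONE_NEWUSER 0x10000000   /* value from the kernel uapi headers */
int unshare(int flags);
#endif

/* Build one uid_map/gid_map line: "<id inside> <id outside> <count>\n". */
int format_id_map(char *buf, size_t len, unsigned inside, unsigned outside, unsigned count)
{
    int n = snprintf(buf, len, "%u %u %u\n", inside, outside, count);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Write the whole string in one write(): each map file can be written only once. */
static int write_file(const char *path, const char *s)
{
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t w = write(fd, s, strlen(s));
    close(fd);
    return w == (ssize_t)strlen(s) ? 0 : -1;
}

/* Enter a new user namespace and map our own uid/gid to 0 inside it. */
int enter_userns_as_root(void)
{
    char map[64];
    uid_t uid = geteuid();   /* read before unshare(): afterwards we appear as the overflow id */
    gid_t gid = getegid();
    if (unshare(CLONE_NEWUSER) < 0) return -1;
    if (format_id_map(map, sizeof map, 0, uid, 1) < 0) return -1;
    if (write_file("/proc/self/uid_map", map) < 0) return -1;
    /* Without CAP_SETGID in the parent namespace, setgroups() must be denied first. */
    if (write_file("/proc/self/setgroups", "deny") < 0) return -1;
    if (format_id_map(map, sizeof map, 0, gid, 1) < 0) return -1;
    return write_file("/proc/self/gid_map", map);
}

int main(void)
{
    if (enter_userns_as_root() < 0) { perror("enter_userns_as_root"); return 1; }
    printf("inside: uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

On systems that restrict unprivileged user namespaces, `unshare()` fails and the program reports the error instead of printing the mapped ids.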