Posted Dec 13, 2012 13:55 UTC (Thu) by rfrancoise (subscriber, #15508)
Parent article: User namespaces progress
Allowing non-privileged users to create new network/ns/pid namespaces via userns is absolutely great. At the moment, Chrome/Chromium ships with a setuid-root helper to create pid/network namespaces to run the renderers in; it will become unnecessary once this work becomes available.
Combined with the new "mode 2" seccomp implementation, it makes Linux a platform with strong sandboxing support!