Comment 9 for bug 1990064

I'm still trying to understand the exact implications of this, since I make extensive use of LXC containers, using subuid/subgid mapping, so that users can create containers without needing access to UID 0.

Are we talking about blocking namespaces where UID 0 in the container is mapped to the real UID 0, or will it also impact containers where UID 0 in the container is mapped to some other UID.