Support for files with subordinate uid/gid ownership

[anthonyryan1]

With containers becoming more and more widespread, I've started seeing files using subuid/subgids instead of regular user ownership. An additional uid suffixed to the end of the normal uid that needs some form of syscall magic incantation to read or write them.

My current understanding is it requires a combination of unshare() and writing to /proc/sef/{uid_map,gid_map}. But I have yet to see a minimal code example of how to do this.

/etc/subuid

ancient:1004000000:65536

ls -l

-rw-r-----  1 1004       1004        12M  regular-ownership.bin
-rw-rw----  1 1004000998 1004000998  12M  subuid-ownership.bin

It would be nice to be able to rsync these files, without losing this metadata, given we've got support for xattrs, acls, and many more forms of hidden metadata.