Jakub Skokan

It seems that when file capabilities are set from init_user_ns, there's no associated uid with them and they work from within a user namespace. Resetting all file capabilities from init_user_ns...

Container images are fixed with 4ef8d4d3a2f34411c296291758a931ddad631da5 -- images will contain unnamespaced file capabilities. File capabilities will still be lost on ct chown. There is some integration with id mapping mounts,...