Re: [PATCH] userns,pidns: Verify the userns for new pid namespaces
From: Eric W. Biederman <hidden>
Date: 2017-04-30 04:39:51
Also in:
linux-fsdevel, lkml
"Serge E. Hallyn" [off-list ref] writes:
> Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> > It is pointless and confusing to allow a pid namespace hierarchy and the user namespace hierarchy to get out of sync. The owner of a child pid namespace should be the owner of the parent pid namespace or a descendant of the owner of the parent pid namespace. Otherwise it is possible to construct scenarios where it is legal to do something in a parent pid namespace but in a child pid namespace.
>
> Hi, did you mean 'but not in a child...' above?

Actually I believe I meant:

> Otherwise it is possible to construct scenarios where it is not legal to do something in a parent pid namespace but it is legal in a child pid namespace.

I definitely need to fix that wording, thank you.

Eric