Article 6NNPD [$] A capability set for user namespaces

by corbet from LWN.net on (#6NNPD)
User namespaces in Linux create an environment in which all privileges are granted, but their effect is contained within the namespace; they have become an important tool for the implementation of containers. They have also become a significant source of worries for people who do not like the increased attack surface they create for the kernel. Various attempts have been made to restrict that attack surface over the years; the latest is user namespace capabilities, posted by Jonathan Calmels.
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/