[$] Unprivileged filesystem mounts, 2018 edition

The advent of user namespaces and container technology has made it possibleto extend more root-like powers to unprivileged users in a (we hope) safeway. One remaining sticking point is the mounting of filesystems, whichhas long been fraught with security problems. Work has been proceeding toallow such mounts for years, and it has gotten a little closer with theposting of a patch series intended for the 4.18 kernel. But, as anunrelated discussion has made clear, truly safe unprivileged filesystemmounting is still a rather distant prospect - at least, if one wants to doit in the kernel.