Hi Eric, Currently, unless caller has CAP_SETGID in parent namespace, we can only map effective group id in the new user namespace. Would it be possible to relax this rule to also allow mapping of supplemental groups (1:1) of the caller?
Thanks. -- Dmitry
