- UID24/GID24 (works on all 32-bit U/GID FSs): The format uses the upper quarter of user and group id to store the context information, again transparently. You'll end up with 16 million user and group ids, which should suffice for the majority of applications ...
Quite a few systems create one group per user by default, so that they can leave users wandering around with a 002 umask without worrying about security. So if the external method doesn't work out, my vote would go for this option.
I prefer the UID24/GID24 option. I can't see any reason why having 'only' 16 million users and groups could be limiting within a virtual context situation, and it would mean that we were just making more efficient use of UID/GID identifiers. Even within different contexts, they are still just users and groups, right?
Also, wouldn't there also be a smaller chance of future conflicts if using UID24/GID24? That 'unused' part of the inode may get used at some point, but UID/GID values are unlikely to be re-mapped in the future.
-- GuruJ.
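The UID24/GID24 layout discussed above, sketched as an added example (not code from this thread or from any project it refers to). It assumes a 16-bit context id whose high byte goes into the top 8 bits of the uid and whose low byte goes into the top 8 bits of the gid; that split and all names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define ID24_MAX 0x00FFFFFFu /* largest uid/gid that fits in the lower 24 bits */

/* uid/gid values as they would be stored in the inode (assumed layout). */
struct tagged_ids { uint32_t uid, gid; };

/* Fold a context id into the upper quarter of uid and gid.
 * Returns -1 when an id needs more than 24 bits: storing it would spill
 * into the context bits and make the file appear to belong elsewhere. */
int tag_ids(uint32_t uid, uint32_t gid, uint16_t ctx, struct tagged_ids *out)
{
    if (uid > ID24_MAX || gid > ID24_MAX)
        return -1;
    out->uid = uid | ((uint32_t)(ctx & 0xFF00u) << 16); /* ctx high byte */
    out->gid = gid | ((uint32_t)(ctx & 0x00FFu) << 24); /* ctx low byte  */
    return 0;
}

/* Recover the context id from the stored uid/gid pair. */
uint16_t ctx_of(struct tagged_ids t)
{
    return (uint16_t)(((t.uid >> 16) & 0xFF00u) | ((t.gid >> 24) & 0x00FFu));
}

/* What a process inside the context sees: the plain 24-bit ids. */
uint32_t uid_of(struct tagged_ids t) { return t.uid & ID24_MAX; }
uint32_t gid_of(struct tagged_ids t) { return t.gid & ID24_MAX; }

int main(void)
{
    struct tagged_ids a, b;
    /* Constructed sample: uid/gid 1000 in two different contexts. */
    tag_ids(1000, 1000, 0x1234, &a);
    tag_ids(1000, 1000, 0x0002, &b);
    printf("ctx 0x%04x stores uid=0x%08x gid=0x%08x\n", ctx_of(a), a.uid, a.gid);
    printf("ctx 0x%04x stores uid=0x%08x gid=0x%08x\n", ctx_of(b), b.uid, b.gid);
    printf("both seen as uid=%u inside\n", uid_of(a));
    /* An id above 2^24 - 1 is rejected rather than silently truncated. */
    printf("oversized uid -> %d\n", tag_ids(0x01000000u, 0, 1, &a));
    return 0;
}
```

Under this layout the same uid in two contexts is stored as two distinct values, and context 0 leaves the ids unchanged.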
