On Tue, Mar 03, 2026 at 02:59:11PM +0100, Filip Schauer wrote:
> On 27/02/2026 16:33, Wolfgang Bumiller wrote:
> > The pre-start hook gets a `$namespaces` hash passed as 3rd
> > parameter, we can just open the user namespace fd there for this
> > purpose.
> 
> I just realized that this won't work. The pre-start hook cannot access
> the container's user namespace, since the container's init process
> wasn't even started yet.

We could see if a `start-host` hook applying the idmapping after the
fact could do the job, but I'm not a big fan of splitting the mounting
into phases like this.

> 
> We could however still reuse the container namespace when hot-plugging.

Yeah, if we want to special case this.

Other than that, we could at least cache the namespaces somewhere via
bind mounts so we can reuse them in hotplugging, too, but that can be
added as a follow up as well, since that's rather the exception, not the
rule. For the regular setup code, simply caching the fds in a hash is
enough.


