- Each user namespace has its own <tt>root</tt> user with
- privileges over the users and processes in that namespace - but
- not the whole system
+ Previously done by OpenVZ and Linux-VServer; gradually being
+ reimplemented upstream
+ </li>
+ <li>
+ User namespaces (added in 3.7) support the existence of a
+ <tt>root</tt> user inside the container that is unprivileged
+ outside the container