@pid_eins@mastodon.social started his series again so let me add an entry. In v260, I've added support for delegating UID ranges to containers from nsresourced and mountfsd. This allows nested containers to acquire their own UID ranges from nsresourced without needing to set up /etc/subuid inside the container. You can also easily enter a user namespace now with the foreign UID range mapped in to create container rootfs trees for use with transient UID ranges from nsresourced.