newuidmap - set the uid mapping of a user namespace
newuidmap pid uid loweruid count [uid loweruid count [ ... ]]
The newuidmap sets /proc/[pid]/uid_map based on its command line arguments and the uids allowed. Subuid delegation can either be managed via /etc/subuid or through the configured NSS subid module. These options are mutually exclusive.
Note that the root user is not exempted from the requirement for a valid /etc/subuid entry.
After the pid argument, newuidmap expects sets of 3 integers:
newuidmap verifies that the caller is the owner of the process indicated by pid and that for each of the above sets, each of the UIDs in the range [loweruid, loweruid+count) is allowed to the caller according to /etc/subuid before setting /proc/[pid]/uid_map.
Note that newuidmap may be used only once for a given process.
Instead of an integer process id, the first argument may be specified as fd:N, where the integer N is the file descriptor number for the calling process's opened file for /proc/[pid[. In this case, newuidmap will use openat(2) to open the uid_map file under that directory, avoiding a TOCTTOU in case the process exits and the pid is immediately reused.
There currently are no options to the newuidmap command.