Hi, As I understand, kernel currently supports six namespaces. Is it possible for a process inside a container (running with different namespaces - all six) to escape the container by unshare() 'ing ? Would this be different for privileged/unprivileged containers? Thanks, Riya