There is an article on LWN about filesystem UID shifting for user namespaces,
(source: https://news.ycombinator.com/item?id=22350436, it is their subscriber link)
The article talks about the three ways of shifting UIDs,
- using the shiftfs filesystem
- shifting is done in the bind-mount
- [shifting is now a property of the user namespace] (the new proposed way, authored by @brauner ).