Fchroot uses binfmt_misc to register a QEMU handler for certain binaries. This lets us magically pretend we are on arm-64bit on x86-64bit and transparently chroot into a foreign architecture with s simple "fchroot /path/to/foreign-architecture-rootfs".

Right now, binfmt_misc is not namespaced. This means two things. First, it means that you must be root on the host to use fchroot to register a QEMU handler. It also impacts containers, such as the LXD containers that we use. It means that if you are in a container, the /proc/sys/fs/binfmt_misc is shared with the host. This means that the container has a read-only view of the settings on the host:

This is not ideal. Ideally we would want the container to have its own independent settings.

This kernel patch, from 2019, accomplishes this, but was never merged, apparently because the author never followed up with a documentation update. Not sure:

https://www.uwsg.indiana.edu/hypermail/linux/kernel/1912.1/07946.html

Merging this patch into our kernel, and ensuring that the binfmt_misc filesystem is mounted in the new namespace effectively moves binfmt_misc into something that can be managed by a non-root user. Allowing binfmt-misc to be used without root and be independent of the host would be a big win for fchroot.