@pid_eins I can't seem to be able to combine --private-users=managed with --bind-user. I get "Failed to clone /home/rein: Operation not permitted", and some overlayfs errors from the kernel.

Furthermore, I can't seem to get /run/user/1000 to bind with idmap, which is why I was hoping to identity-map the users in the first place.