
unshare with supplementary groups

4 votes
0 answers
355 views
On my Linux machine, I (my user) have a main group and multiple other groups (note I belong to group 150):

    $ id -u; id -g; id -G
    1000
    1000
    1000 6 21 91 97 150 190 465 996 1003

I need to isolate a command into a user namespace. I use unshare --user for that:

    $ unshare --user --map-user=4000 --map-group=4000 bash -c 'id -u; id -g; id -G'
    4000
    4000
    4000 65534

(Note that all groups I belonged to are kept but, as most of them are not mapped in the new user namespace, they are replaced by the overflow group, 65534, "nobody", or "nogroup". A call to getgroups confirms that by returning the list "1000 65534 65534 65534 65534 65534 65534 65534 65534 65534". id deduplicates that list.)

I'm not allowed, as a user, to map any group except the effective group in the parent namespace (1000). But here, I do need to use one of my supplementary groups to run an executable with escalated privileges (note that /usr/bin/dumpcap may be executed only if one is in group 150, to which I belong in the outer namespace):

    $ ls -n /usr/bin/dumpcap
    -rwxr-xr-- 1 0 150 116928 Jun 7 21:16 /usr/bin/dumpcap
    $ getcap /usr/bin/dumpcap
    /usr/bin/dumpcap cap_dac_override,cap_net_admin,cap_net_raw=eip

Is there a way to make a group in the user namespace mapped to a supplementary group I belong to in the parent namespace (here 150)? —Without CAP_SETGID of course, it would be too easy. ;-)
Asked by audeoudh (141 rep)
Jun 18, 2021, 10:04 AM
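The behaviour the question observes (every unmapped parent group collapsing to the overflow gid 65534, and `id -G` deduplicating the result) follows directly from how a gid_map is applied. The following Python is an added example, not part of the question or of util-linux: it parses a gid_map in the `/proc/<pid>/gid_map` format, translates a parent-namespace group list through it, and checks a proposed map against the rule user_namespaces(7) states for a writer lacking CAP_SETGID in the parent namespace (setgroups must be "deny", a single line, count 1, outer gid equal to the writer's effective gid). The group list, the overflow value and the sample maps are constructed to match the numbers in the question; `unprivileged_map_allowed` is a hypothetical helper name.

```python
"""Simulate gid translation across a user namespace's gid_map and check the
unprivileged gid_map rule. Added example; not code from the original post."""

OVERFLOW_GID = 65534  # default value of /proc/sys/kernel/overflowgid (assumed)


def parse_gid_map(text):
    """Parse gid_map lines of the form '<inner> <outer> <count>'."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        inner, outer, count = (int(p) for p in parts)
        entries.append((inner, outer, count))
    return entries


def outer_to_inner(gid, entries):
    """Translate a parent-namespace gid into the child namespace.
    A gid covered by no mapping line becomes the overflow gid."""
    for inner, outer, count in entries:
        if outer <= gid < outer + count:
            return inner + (gid - outer)
    return OVERFLOW_GID


def translate_groups(groups, entries):
    """What getgroups() returns inside the child namespace."""
    return [outer_to_inner(g, entries) for g in groups]


def dedupe(groups):
    """What `id -G` prints: same list with duplicates removed, order kept."""
    seen = []
    for g in groups:
        if g not in seen:
            seen.append(g)
    return seen


def unprivileged_map_allowed(map_text, caller_egid, setgroups):
    """Rule for a writer without CAP_SETGID in the parent namespace
    (user_namespaces(7)): /proc/<pid>/setgroups must already read 'deny',
    the map has exactly one line with count 1, and the outer gid is the
    writer's effective gid. Any other group, supplementary ones included,
    is rejected."""
    if setgroups != "deny":
        return False
    entries = parse_gid_map(map_text)
    if len(entries) != 1:
        return False
    inner, outer, count = entries[0]
    return count == 1 and outer == caller_egid


# Constructed sample reproducing the question's numbers.
PARENT_GROUPS = [1000, 6, 21, 91, 97, 150, 190, 465, 996, 1003]
MAP_4000 = "4000 1000 1\n"      # what `unshare --map-group=4000` writes
WANTED_MAP = "4000 150 1\n"     # mapping the supplementary group instead

if __name__ == "__main__":
    inner = translate_groups(PARENT_GROUPS, parse_gid_map(MAP_4000))
    print("getgroups():", inner)
    print("id -G:", " ".join(str(g) for g in dedupe(inner)))
    print("own egid map allowed:",
          unprivileged_map_allowed(MAP_4000, 1000, "deny"))
    print("supplementary group map allowed:",
          unprivileged_map_allowed(WANTED_MAP, 1000, "deny"))
```

Running it prints the `4000 65534` that `id -G` showed in the question and reports the map for group 150 as rejected, which is the constraint the question runs into. On a real system the same inputs can be read from `/proc/self/gid_map` and `/proc/self/setgroups` rather than the constructed strings.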