Comment 2 for bug 1010787

I think what Karma was suggesting is that a process executing inside the schroot environment can use ptrace(2) to attach to a process outside the schroot environment. Such a process will probably have the ability to run:

schroot -c <foo> -u root <arbitrary root-level command>

Of course, on Ubuntu kernels, the ptrace(2) attachment will fail due to:

kernel.yama.ptrace_scope = 1