A kernel bug in user namespaces allows root in a container to ptrace host-root-owned tasks in a window of opportunity during lxc-attach / 'lxc exec', before those tasks drop privilege by calling setuid to the container root uid.