Comment 2 for bug 645625

Serge Hallyn (serge-hallyn) wrote :

Thanks for taking an interest and reporting this bug.

You can use LSMs to mitigate this to some extent. However the real solution will be completion of the user namespace and proc filtering. Both are well-known and substantial todo items.

I am marking this Triaged as (a) the proper solution is known, and (b) the community is slowly but surely addressing it.