Comment 34 for bug 1639345

On the kernel side there was previously a CVE assigned for the ptrace issue - CVE-2015-8709. That restricted ptrace if the real, effective, and saved uids and gids of the process were not mapped into the ptracing process's user ns, but that doesn't forbid ptrace under the circumstances here.

We've applied Eric's patch as the "upstream replacement" to the sauce patch we've been carrying, and it's included in the current SRU cycle, which is due to be released to -updates on Nov 28 if there are no problems.