I was chatting with Eric yesterday and he mentioned this patch in his next branch which may address the ptrace issue from the kernel point of view (which would make this a kernel security issue):
https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-next&id=2e41414828bb0b066bde2f156cfa848c38531edf
It'd be good if someone could build a kernel with this patch applied and see if this resolves the ptrace issue.
I was chatting with Eric yesterday and he mentioned this patch in his next branch which may address the ptrace issue from the kernel point of view (which would make this a kernel security issue):
https:/ /git.kernel. org/cgit/ linux/kernel/ git/ebiederm/ user-namespace. git/commit/ ?h=for- next&id= 2e41414828bb0b0 66bde2f156cfa84 8c38531edf
It'd be good if someone could build a kernel with this patch applied and see if this resolves the ptrace issue.