As for the kernel side of this, I believe Eric Biederman is aware of this particular problem and looking into options to restrict ptrace of processes crossing userns boundaries.