Description: Linux user namespaces can bypass group-based restrictions
References:
 http://www.openwall.com/lists/oss-security/2014/11/17/19
 http://thread.gmane.org/gmane.linux.man/7385/
 http://lwn.net/Articles/626665/
 http://lwn.net/Articles/626677/
Notes:
 bwh> Mitigated in Debian because by default you need CAP_SYS_ADMIN to
 bwh> create a new userns.
Bugs:
upstream: released (3.19-rc1) [0542f17bf2c1f2430d368f44c8fcf2f82ec9e53e, 273d2c67c3e179adb1e74f403d1e9a06e3f841b5, be7c6dba2332cef0677fbabb606e279ae76652c3, 80dd00a23784b384ccea049bfb3f259d3f973b9d, f95d7918bd1e724675de4940039f2865e5eec5fe, f0d62aec931e4ae3333c797d346dc4f188f454ba, 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8, 66d2f338ee4c449396b6f99f5e75cd18eb6df272, db86da7cb76f797a1a8b445166a15cb922c6ff85]
2.6.32-upstream-stable: N/A "User namespaces not usable"
sid: released (3.16.7-ckt4-1)
3.2-wheezy-security: N/A "User namespaces not usable"
2.6.32-squeeze-security: N/A "User namespaces not usable"
3.16-upstream-stable: released (3.16.7-ckt4)
3.2-upstream-stable: N/A "User namespaces not usable"