Using shiftfs with overlayfs and fuse, it was possible to receive the data of files that were not readable by the mounter before setting up permissions. It was later found that by only using user namespaces and overlayfs, it was possible to have a file not readable by the unprivileged user to be copied to a mountpoint controlled by such user, like a removable device.
It is my understanding that the attacker must have a number of conditions in place for this attack to work correctly.
The target file must exist on an overlay filesystem.
The target file must be accessible in the namespace.
The destination must be writable by the exploiting target.
This doesn't mean that the attacker can choose what the target is, only that the information within the original file can accessed by bypassing existing permissions..