"The semantics of MNT_LOCKED are that you aren't allowed to see what is beneath. So if you can get under there even by unsharing the mount namespace it is an implementation bug in MNT_LOCKED." At this current time, Red Hat Enterprise Linux products do not ship with user namespaces enabled as a kernel compile-time option and are therefore not affected. References: http://marc.info/?l=linux-kernel&m=141271552117745&w=2 http://www.spinics.net/lists/linux-containers/msg30786.html https://git.kernel.org/linus/da362b09e42ee0bcaf0356afee6078b4f324baff http://openwall.com/lists/oss-security/2015/04/18/3
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1226765]
This issue does not affect Red Hat Enterprise Linux at this time as we do not allow creation of user namespaces. This area of code does not exist and has not been backported to current Red Hat Enterprise Linux kernels.
*** Bug 1226108 has been marked as a duplicate of this bug. ***