SUSE security research members of the Sebastian Krahmer has published the GNU/Linux kernel to mention the right vulnerability, recent GNU/Linux kernel(3.8+)have introduced a In order to facilitate the container to achieve the new features: user-namespaces(user-ns, CLONE_NEWUSER flag), this feature allows you to have your own for 0 of the UID, as a container for the process of isolation so easy to achieve, but it also brings associated security risks.
Specifically, if you take this feature and CLONE_FS mixed use will allow different container(i.e. process)is shared between the file system state, the attacker will by this combination to get root permissions:
Only when the child process gets its own user-ns(user namespace)when the parent and child processes share the file system information in this example the chroot, in its own user-ns in the use of the chroot()system call and the and in the clone()when adding CLONE_FS it will directly affect the parent process and the parent process is in user-ns of the initialization phase when you already have root privileges, Trojan has been posted here.
btw: this exploit has been in the openSUSE 12.1 + kernel 3.8.2 on the test.