Without further ado, the following was found:

Issue 1: I</proc/ pid /setgroups> → I</proc/>pidI</setgroups>
Issue 2: I</proc/ pid /gid_map> → I</proc/>pidI</gid_map>
Issue 3: I</proc/ pid /gid_map> → I</proc/>pidI</gid_map>

"Writing \"I<deny>\" to the I</proc/ pid /setgroups> file before writing to "
"I</proc/ pid /gid_map> will permanently disable B<setgroups>(2) in a user "
"namespace and allow writing to I</proc/ pid /gid_map> without having the "
"B<CAP_SETGID> capability in the parent user namespace."