Comment 7 for bug 1655906

Right, afaict this is caused by https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378 . Marking the process as undumpable requires that the caller has CAP_SYS_PTRACE in the target process user namespace. If not, then any file-opening operations on /proc/<pid>/<file> (e.g. readlink()) will be denied. This is exactly what getPipeFds() is trying to do. This leads to the error you see above. There's another PR floating around that will complicate things even when CAP_SYS_PTRACE is available (https://github.com/opencontainers/runc/pull/1274). But I need to take a closer look.