Anatomy of a user namespaces vulnerability
Posted Jul 2, 2017 19:34 UTC (Sun) by Dippynark (guest, #117191)
Parent article: Anatomy of a user namespaces vulnerability
Excellent article, very useful for cementing my understanding of namespaces.
I am a bit confused about one aspect of the fix; one part of the fix is 'make CLONE_NEWUSER automatically imply CLONE_FS in the unshare() system call'. In this case, couldn't the child in the description of the exploit simply fork, and then the grandchild could call unshare(CLONE_NEWUSER) (which would be the same as unshare(CLONE_NEWUSER | CLONE_FS) according to the fix), putting it back into the same environment as described in the article?
