Comment # 15 on bug 1131084 from Aleksa Sarai

I know I'm late to the party here, but I would suggest you shouldn't be
mounting /proc yourself inside a container -- especially if you are running
privileged code. There are all sorts of container escapes that can occur if you
have a /proc mount without any masked paths (for instance,
/proc/sysrq-trigger).

Instead, if you really need it for a chroot(2) then you should rbind-mount the
host's /proc (which does have all of correct parts mounted-over).