• proc: mount proc with minimal permissions · 2a0c8db7
    Andrey Vagin authored
    Eric wants to restrict permissions for proc mounts in a non-root userns
    in accordance with proc mounts in the root userns.
    
    Author: Eric W. Biederman <ebiederm@xmission.com>
    Date:   Fri May 8 23:49:47 2015 -0500
    
        mnt: Modify fs_fully_visible to deal with locked ro nodev and atime
    
        Ignore an existing mount if the locked readonly, nodev or atime
        attributes are less permissive than the desired attributes
        of the new mount.
    ...
    Signed-off-by: Andrey Vagin <avagin@openvz.org>
    Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
ns.c 10.5 KB