NOTES:

Problems with RHEL7 kernel:

  ret = unshare(CLONE_NEWUSER);

does not work, because:

---------------------------
# file: liinux-2.6-3.10.0/kernel/user_namespace.c 
int create_user_ns(struct cred *new)
{
	struct user_namespace *ns, *parent_ns = new->user_ns;
	kuid_t owner = new->euid;
	kgid_t group = new->egid;
	int ret;

	/* Currently disabled in RHEL7 */
	return -EINVAL;
...
---------------------------

There is already an open bug:

https://bugzilla.redhat.com/show_bug.cgi?id=917708

Other links:

http://zurlinux.com/?p=2106