Comment 5 for bug 1530566

The whitelist approach looks good to me. (I first wondered whether it would be possible to first mount a FUSE filesystem over /proc/$pid, then mount an ecryptfs over that, but that wouldn't work because unprivileged FUSE wouldn't allow the chdir() to the filesystem root.)