Bug 193911 - net_prio.ifpriomap is not aware of the network namespace, and discloses all network interface
Summary: net_prio.ifpriomap is not aware of the network namespace, and discloses all n...
Status: NEW
Alias: None
Product: Networking
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: Stephen Hemminger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-03 21:14 UTC by Xing Gao
Modified: 2017-02-03 21:14 UTC

See Also:
Kernel Version: 4.9
Subsystem:
Regression: No
Bisected commit-id:


Attachments

Description Xing Gao 2017-02-03 21:14:28 UTC
The pseudo file net_prio.ifpriomap (under /sys/fs/cgroup/net_prio) contains a
map of the priorities assigned to traffic starting from processes in a cgroup and leaving the system on various interfaces. The data format is in the form of [ifname priority]. 

We find that the kernel handler function hooked at net_prio.ifpriomap is not aware of the network namespace, and thus it discloses all network interfaces on the physical machine to the containerized applications. 

To be more specific, the read operation of net_prio.ifpriomap is handled by the function read_priomap. Tracing from this function, we can find that it invokes for_each_netdev_rcu and sets the first parameter to the address of init_net. It iterates over all network devices of the host regardless of the network namespace. Thus, from the view of a container, it can read the names of all network devices of the host.

Here is an example. I checked it on Linux kernel 4.4 with Docker version 1.12.1. I do not have the latest kernel at hand. But there is no code change between 4.4 and 4.9 for this function. It should be reproducible in the latest kernel. 

I started a Docker container and checked the net_prio.ifpriomap inside the container. It displayed information on all network interfaces on the host.

Container: 
root@25e25d553c3b:/# cat /sys/fs/cgroup/net_prio/net_prio.ifpriomap 
lo 0
eth0 0
eth1 0
xenbr0 0
lxdbr0 0
virbr0 0
virbr0-nic 0
docker0 0
vnet0 0
vnet1 0
veth132de4a 0

Host:
XXXX@XXXX:~$ cat /sys/fs/cgroup/net_prio/net_prio.ifpriomap 
lo 0
eth0 0
eth1 0
xenbr0 0
lxdbr0 0
virbr0 0
virbr0-nic 0
docker0 0
vnet0 0
vnet1 0
veth132de4a 0

From the information displayed above, this file exposes the same network interface information in a container and on a host, which we consider to be a leakage of the network namespace.
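
A small check script, added here as an example and not part of the bug report or the kernel: it takes the text of net_prio.ifpriomap and the list of interfaces actually visible in the caller's network namespace (on a live system, the entries of /sys/class/net, which is namespace-aware), and prints the names the map reveals that the namespace cannot otherwise see. The sample map below is constructed from the listing in the report; taking "lo" and "eth0" as the interfaces visible inside the container is an assumption (a container on Docker's default bridge network sees exactly those two). The function and variable names are the example's own.

```sh
#!/bin/sh
# Added example (not from the bug report or the kernel sources): does a cgroup's
# net_prio.ifpriomap list interfaces that the current network namespace cannot see?
# Interface names are the only thing compared; the priority column is ignored.
LC_ALL=C
export LC_ALL

# Interface names from ifpriomap text ("ifname priority" per line), sorted, unique.
map_ifaces() {
    printf '%s\n' "$1" | awk 'NF >= 2 { print $1 }' | sort -u
}

# Names present in the map text ($1) but absent from the visible-interface
# list ($2, whitespace or newline separated). Non-empty output means the map
# exposes interfaces from outside the caller's network namespace.
leaked_ifaces() {
    map_ifaces "$1" | awk -v vis="$2" '
        BEGIN {
            n = split(vis, a, /[ \t\n]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") seen[a[i]] = 1
        }
        !($1 in seen) { print $1 }'
}

# Exit status 0 when the map leaks at least one name, 1 otherwise.
has_leak() {
    [ -n "$(leaked_ifaces "$1" "$2")" ]
}

# Live check on a real system. /sys/class/net lists only the interfaces of the
# caller's network namespace, so anything extra in the map comes from init_net.
# Returns 0 if the map matches the namespace, 1 (printing the extra names) if
# it leaks, 2 if the pseudo file is not readable here.
check_live() {
    map_file=${1:-/sys/fs/cgroup/net_prio/net_prio.ifpriomap}
    [ -r "$map_file" ] || { echo "cannot read $map_file" >&2; return 2; }
    visible=$(ls /sys/class/net)
    extra=$(leaked_ifaces "$(cat "$map_file")" "$visible")
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Constructed sample data: the map as shown in the report, and the two
# interfaces assumed to be visible inside the container.
SAMPLE_MAP='lo 0
eth0 0
eth1 0
xenbr0 0
lxdbr0 0
virbr0 0
virbr0-nic 0
docker0 0
vnet0 0
vnet1 0
veth132de4a 0'
CONTAINER_VISIBLE='lo eth0'

# Offline demo on the constructed data; "--live" runs against the real files.
demo() {
    echo "interfaces in the map but not in the namespace:"
    leaked_ifaces "$SAMPLE_MAP" "$CONTAINER_VISIBLE"
}

if [ "${1:-}" = "--live" ]; then
    check_live
else
    demo
fi
```

Run it with `--live` inside a container to test a kernel: on an affected kernel the output is the host's bridges, taps and veth peers; on a kernel where the map is filtered by namespace the script exits 0 with no output. The comparison is against /sys/class/net rather than `ip link` so that it needs nothing beyond a POSIX shell and awk.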
