-
Committer:
Chris Coulson
-
Date:
2014-04-16 16:42:02 UTC
-
Revision ID:
chris.coulson@canonical.com-20140416164202-lf1kq7uhw2ugovdp
Don't call prctl(PR_SET_NO_NEW_PRIVS) after forking the sandbox IPC process, as this prevents the suid sandbox from gaining enough privileges to map inode numbers to PID's on behalf of the zygote