Release 0.1.4 This release contains a workaround for the kernel allowing the user to ptrace any process in the child user namespace. Prior to this workaround the user could attach to the setup code in bubblewrap and take control while the child still had full privileges in the user namespace (it could never get more privileges in the parent namespace though). With the workaround, we're now true to the README in that bubblewrap only allows a subset of the user namespace features. In order to fix the above we had to drop the support for a set-caps binary. We now only support setuid 0 (or unprivileged if the kernel has such user namespace support). Additionally this release fixes the handling of recursive bind mounts flags where previously we sometimes failed to handle some uncommon setups. If you were unable to start bwrap before due to mount errors this should now be fixed. Git-EVTag-v0-SHA512: 55e170e25eee5f3c8eb947c1532bd7d9dffe74277b9964a28b0bc184800da3d904282668ced54a2bff53c3d9811b40435d8b1db30b5eab610fa85a0954ed20bf