Release 0.1.7 (CVE-2017-5226)

This release backs out the change in 0.1.6 which unconditionally
called setsid() in order to fix a security issue with `TIOCSTI`, aka
CVE-2017-5226. That change caused some behavioural issues that are
hard to work with in some cases. For instance, it makes shell job
control not work for the bwrap command.

Instead there is now a new option --new-session which works like
0.1.6. It is recommended that you use this if possible, but if not we
recommend that you neutralize this some other way, for instance
using SECCOMP, which is what flatpak does:

 https://github.com/flatpak/flatpak/commit/902fb713990a8f968ea4350c7c2a27ff46f1a6c4
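The seccomp approach above, as an added example that is not part of this release or of flatpak's code: a raw BPF filter that makes ioctl(TIOCSTI) fail with EPERM while allowing every other syscall, so it also meets the later requirement that any bwrap filter still permit execve, waitpid and write. The function names (tiocsti_filter_verdict, install_tiocsti_filter) and the small user-space interpreter used to check the verdict without loading the filter are this example's own inventions; the AUDIT_ARCH_* values, the BPF macros and the SECCOMP_RET_* constants are the kernel's.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Architecture tag the filter accepts; any other ABI is killed so a compat
 * syscall table cannot be used to reach ioctl under a different number. */
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Filter program: ioctl(fd, TIOCSTI, ...) -> EPERM, everything else -> allow.
 * Only the low 32 bits of args[1] are compared, which is enough for the
 * TIOCSTI request number on little-endian targets. */
static struct sock_filter tiocsti_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3), /* not ioctl: allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),    /* not TIOCSTI: allow */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define TIOCSTI_FILTER_LEN (sizeof(tiocsti_filter) / sizeof(tiocsti_filter[0]))

/* Tiny interpreter for the three opcodes used above, so the filter's decision
 * can be inspected in user space without installing it (example-only helper). */
static unsigned int eval_filter(const struct seccomp_data *d)
{
    unsigned int acc = 0;
    for (size_t pc = 0; pc < TIOCSTI_FILTER_LEN; pc++) {
        const struct sock_filter *in = &tiocsti_filter[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const char *)d + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf; /* offsets are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}

/* Verdict for a syscall on this arch: 0 = allowed, >0 = errno handed back
 * to the caller, -1 = process killed. */
int tiocsti_filter_verdict(int nr, unsigned long arg1)
{
    struct seccomp_data d;
    memset(&d, 0, sizeof d);
    d.nr = nr;
    d.arch = ARCH_NR;
    d.args[1] = arg1;
    unsigned int ret = eval_filter(&d);
    if (ret == SECCOMP_RET_ALLOW)
        return 0;
    if ((ret & SECCOMP_RET_ACTION) == SECCOMP_RET_ERRNO)
        return (int)(ret & SECCOMP_RET_DATA);
    return -1;
}

/* Install the filter for the calling process. NO_NEW_PRIVS is required for an
 * unprivileged process to load a seccomp filter (bwrap sets it as well). */
int install_tiocsti_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)TIOCSTI_FILTER_LEN, .filter = tiocsti_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

int main(void)
{
    if (install_tiocsti_filter() != 0) {
        perror("seccomp");
        return 1;
    }
    char c = 'x';
    /* With the filter active this fails with EPERM whether or not stdin is a tty. */
    if (ioctl(STDIN_FILENO, TIOCSTI, &c) == -1 && errno == EPERM)
        printf("TIOCSTI blocked by seccomp (EPERM)\n");
    else
        printf("TIOCSTI not blocked: errno=%d\n", errno);
    return 0;
}
```

The arch check comes first so the filter cannot be bypassed by issuing the call through another syscall ABI, and the default action is allow rather than kill, which is what lets the filter sit at the end of bwrap's setup without having to whitelist the syscalls bwrap itself still needs.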

In order to make it easy to create maximally safe sandboxes we have
also added a new commandline switch called --unshare-all. It unshares
all possible namespaces and is currently equivalent to:

  --unshare-user-try --unshare-ipc --unshare-pid  --unshare-net \
  --unshare-uts --unshare-cgroup-try

However, the intent is that as new namespaces are added to the kernel they will
be added to this list. Additionally, if --share-net is specified the network
namespace is *not* unshared.

This release also has some bugfixes:

 * bwrap reaps (unexpected) children that are inherited from the
   parent, something which can happen if bwrap is part of a shell
   pipeline.

 * bwrap clears the capability bounding set. The permitted
   capabilities were already empty, and use of PR_NO_NEW_PRIVS should
   make it impossible to increase the capabilities, but more
   layers of protection are better.

 * The seccomp filter is now installed at the very end of bwrap, which
   means the requirements on the filter are minimal. Any bwrap seccomp
   filter must at least allow: execve, waitpid and write.

Git-EVTag-v0-SHA512: 5794231c542988f81e628786383e91dc44d5bd5a9cf816f11cc3a34cbb6eb511b14f945c28d14e1f78babf4f02543f13b199d16e90b3aa8e7a8270daf4be486d