Release 0.1.4

@alexlarsson alexlarsson released this 29 Nov 08:42
v0.1.4

This release contains a workaround for the kernel allowing the user
to ptrace any process in the child user namespace. Prior to this
workaround the user could attach to the setup code in bubblewrap
and take control while the child still had full privileges in
the user namespace (it could never get more privileges in the
parent namespace though). With the workaround, we're now true
to the README in that bubblewrap only allows a subset of the
user namespace features.

In order to fix the above we had to drop the support for a set-caps
binary. We now only support setuid 0 (or unprivileged if the kernel
has such user namespace support).

Additionally, this release fixes the handling of recursive bind mount
flags, where previously we sometimes failed to handle some uncommon
setups. If you were unable to start bwrap before due to mount errors,
this should now be fixed.

Alexander Larsson (11):
      Don't print double errors in case privileged helper dies
      Priv-sep: Don't trust client args for REMOUNT_RO_NO_RECURSIVE
      Add test with basic running operations
      Completely drop setcaps codepaths in favour of setuid
      Work around user-namespaces allowing ptrace
      utils: Add path_equal()
      bind-mounts: Fix handling of covered mountpoints
      tests/test-run.sh: Add some more tests that now work
      bind-mount: Fix issue when destination of mount is in a symlink
      Fix make dist
      Release 0.1.4

Colin Walters (2):
      .redhat-ci.yml: New file
      build: Dist bwrap.xml in tarball

Giuseppe Scrivano (3):
      bwrap: setuid to the sandbox uid
      bwrap: fix typos
      bubblewrap: do not leave zombie process

Git-EVTag-v0-SHA512: 55e170e25eee5f3c8eb947c1532bd7d9dffe74277b9964a28b0bc184800da3d904282668ced54a2bff53c3d9811b40435d8b1db30b5eab610fa85a0954ed20bf
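
An added check, not part of the release notes or of bubblewrap itself: because 0.1.4 drops the set-caps install mode and supports only setuid 0 or unprivileged operation, this shell function reports which of those modes a given bwrap binary is installed in. The function name and its output labels are hypothetical, and `getcap` (from libcap) is used only when it is installed.

```shell
#!/bin/sh
# Added example (not bubblewrap code). Classifies how a bwrap binary is
# installed, using the install modes named in the 0.1.4 release notes.
# bwrap_install_mode and its output labels are hypothetical names.
bwrap_install_mode() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
        return 1
    fi
    # File capabilities correspond to the set-caps mode dropped in 0.1.4.
    # getcap prints nothing when the file carries no capabilities.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$f" 2>/dev/null)
        if [ -n "$caps" ]; then
            echo "file-caps"
            return 0
        fi
    fi
    # The numeric owner uid is the third field of `ls -ldn`.
    owner=$(ls -ldn "$f" | awk '{print $3}')
    if [ -u "$f" ]; then
        if [ "$owner" = "0" ]; then
            echo "setuid-root"
        else
            # Setuid to a non-root user is not a mode the notes list.
            echo "setuid-nonroot"
        fi
        return 0
    fi
    echo "unprivileged"
}
# Usage: bwrap_install_mode "$(command -v bwrap)"
```

A result of `file-caps` on a 0.1.4 or later install means the packaging still applies capabilities that the release no longer supports.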