Commit 58773088 authored by madaidan's avatar madaidan Committed by jvoisin

Mount a new tmpfs on /tmp and drop all capabilities

This mounts a new tmpfs on /tmp so any files residing there would be hidden
from the sandbox. Many programs store some files in there that might be useful
to an attacker.  It also drops all capabilities incase it is ever run with
extra capabilities for whatever reason.
parent 37145531
Pipeline #27911 passed with stages
in 6 minutes and 2 seconds