Release 0.1.4

This release contains a workaround for the kernel allowing the user
to ptrace any process in the child user namespace. Prior to this
workaround the user could attach to the setup code in bubblewrap
and take control while the child still had full privileges in
the user namespace (it could never get more privileges in the
parent namespace though). With the workaround, we're now true
to the README in that bubblewrap only allows a subset of the
user namespace features.

In order to fix the above we had to drop the support for a set-caps
binary. We now only support setuid 0 (or unprivileged if the kernel
has such user namespace support).

Additionally this release fixes the handling of recursive bind mounts
flags where previously we sometimes failed to handle some uncommon
setups. If you were unable to start bwrap before due to mount errors
this should now be fixed.

Git-EVTag-v0-SHA512: 55e170e25eee5f3c8eb947c1532bd7d9dffe74277b9964a28b0bc184800da3d904282668ced54a2bff53c3d9811b40435d8b1db30b5eab610fa85a0954ed20bf
-----BEGIN PGP SIGNATURE-----

iD8DBQBYPT6d62IW3bdscOkRAoR3AKCfOXI7GddsY49WIzx1eiJoZ4Q6FACfYg7J
T9juBtlKE4x9nMSyuxgtwZQ=
=b9vZ
-----END PGP SIGNATURE-----