Restrict syscalls for the download process whenever possible

Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Ensure that the download process cannot get new privileges

Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>