Comment 2 for bug 1560211

This bug was fixed in the package ubuntu-core-launcher - 1.0.20

---------------
ubuntu-core-launcher (1.0.20) xenial; urgency=medium

  * don't set NO_NEW_PRIVS. This requires changing privilege dropping since
    CAP_SYS_ADMIN is needed with seccomp_load(). This means temporarily
    dropping until seccomp_load(), then raising before and permanently
    dropping after the filter is applied. As a result, setuid/setgid is
    required in all policy (but is still mediated by AppArmor)
    - LP: #1560211

 -- Jamie Strandboge <email address hidden> Mon, 21 Mar 2016 15:24:33 -0500