Comment 2 for bug 1438758

Stéphane Graber (stgraber) wrote :

The fix for this issue will be to have apport do the following tasks prior to executing the crash handler in the container:
 - replicate the task's apparmor profile
 - attach to all namespaces (setns)
 - seteuid and setegid to 0 of that namespace
 - sanitize the fd list (only 0, 1 and 2, all pointing to /dev/null)
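
The last step in the list above (fd sanitizing), as an added example that is not apport's code and not part of the original comment. It assumes Linux with /proc mounted; the function names are hypothetical, and the AppArmor, setns and seteuid/setegid steps need root and are not shown.

```python
import os
import stat

def sanitize_fds():
    """Leave only fds 0, 1 and 2 open, all pointing at /dev/null (Linux)."""
    devnull = os.open(os.devnull, os.O_RDWR)
    for fd in (0, 1, 2):
        os.dup2(devnull, fd)
        os.set_inheritable(fd, True)  # also covers devnull itself landing on fd
    # Close what is actually open rather than looping up to RLIMIT_NOFILE.
    for name in os.listdir("/proc/self/fd"):
        if int(name) > 2:
            try:
                os.close(int(name))
            except OSError:
                pass  # the fd listdir() used for the directory is already closed

def is_devnull(fd):
    st = os.fstat(fd)
    return stat.S_ISCHR(st.st_mode) and st.st_rdev == os.stat(os.devnull).st_rdev

def is_open(fd):
    try:
        os.fstat(fd)
        return True
    except OSError:
        return False

def sanitized_child_is_clean():
    """Fork, leak constructed fds into the child, sanitize, report the result."""
    pid = os.fork()
    if pid == 0:
        ok = False
        try:
            # Constructed stand-ins for fds inherited from the crashing task.
            leaked = list(os.pipe()) + [os.open("/", os.O_RDONLY)]
            before = all(is_open(fd) for fd in leaked)
            sanitize_fds()
            ok = (before
                  and all(is_devnull(fd) for fd in (0, 1, 2))
                  and not any(is_open(fd) for fd in range(3, 1024)))
        finally:
            os._exit(0 if ok else 1)  # stdout is /dev/null now; report by status
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0

if __name__ == "__main__":
    print("child left with only /dev/null on 0-2:", sanitized_child_is_clean())
```

In a real handler the sanitizing would run in the process that goes on to exec the in-container crash handler, so nothing from the host side is inherited across the exec.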