Remove setuid/setgid bits from any/all RunCVM binaries

Author: struanb

Dockerfile

@@ -129,8 +129,9 @@ RUN /usr/local/bin/elf-patcher.sh && \
     done && \
     mkdir -p $CODE_PATH/usr/share && \
     cp -a /usr/share/qemu $CODE_PATH/usr/share && \
-    cp -a /etc/terminfo $CODE_PATH/usr/share
-
+    cp -a /etc/terminfo $CODE_PATH/usr/share && \
+    # Remove setuid/setgid bits from any/all binaries
+    chmod -R -s $CODE_PATH/
 
 # --- BUILD STAGE ---
 # Build static runcvm-init