Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'

Conflicts:
	contrib/dist/tor.service.in

changes/bug12939-systemd-no-new-privileges

@@ -0,0 +1,4 @@
+  o Distribution:
+    - systemd unit file: ensures that the process and all its children
+      can never gain new privileges.
+      Patch by intrigeri; resolves ticket 12939.

contrib/dist/tor.service.in

@@ -22,6 +22,7 @@ InaccessibleDirectories = /home
 ReadOnlyDirectories = /
 ReadWriteDirectories = @LOCALSTATEDIR@/lib/tor
 ReadWriteDirectories = @LOCALSTATEDIR@/log/tor
+NoNewPrivileges = yes
 
 [Install]
 WantedBy = multi-user.target