executor: fix enabling of ICMP/ping sockets

net/ipv4/ping_group_range sysctl grants access to ICMP sockets
to the specified user groups. But it needs to be set inside
of the net namespace (it's per-namespace).
We were setting it but in the init namespace only (which we don't use).
Set it after CLONE_NEWNET. This repairs testing of ICMP sockets.

Note: don't set it for setuid sandbox since it's "low privilege".

0 files changed, 0 insertions, 0 deletions