mirror of https://github.com/NixOS/nix synced 2025-06-27 08:31:16 +02:00

When using chroots, use a private PID namespace

In a private PID namespace, processes have PIDs that are separate from
the rest of the system.  The initial child gets PID 1.  Processes in
the chroot cannot see processes outside of the chroot.  This improves
isolation between builds.  However, processes on the outside can see
processes in the chroot and send signals to them (if they have
appropriate rights).

Since the builder gets PID 1, it serves as the reaper for zombies in
the chroot.  This might turn out to be a problem.  In that case we'll
need to have a small PID 1 process that sits in a loop calling wait().
Eelco Dolstra 2012-06-25 15:45:16 -04:00
parent 5489086456
commit 1db38ae81b
2 changed files with 199 additions and 169 deletions

@ -779,8 +779,11 @@ void Pid::kill()
int status;
while (waitpid(pid, &status, 0) == -1) {
checkInterrupt();
if (errno != EINTR) printMsg(lvlError,
(SysError(format("waiting for process %1%") % pid).msg()));
if (errno != EINTR) {
printMsg(lvlError,
(SysError(format("waiting for process %1%") % pid).msg()));
break;
}
}
pid = -1;
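Review bot: in the `waitpid` failure path, `checkInterrupt()` runs between the failing call and the `errno != EINTR` test, so anything it does that sets `errno` can change which branch is taken, and that branch now decides whether the loop ends. Consider copying `errno` into a local immediately after `waitpid` returns -1 and testing the copy, or moving `checkInterrupt()` below the test. Separately, after the new `break` the code still falls through to `pid = -1`, so a wait that failed for a reason other than `EINTR` is only logged and the caller cannot tell that the child was never reaped; returning a status or throwing here would make that case visible.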