sandbox: paths must be bind mounted in order of their length

sandbox/sandbox-linux.cpp

@@ -91,6 +91,8 @@ bool SandboxLinux::bindMountPaths(std::string target_root, std::initializer_list
 
 bool SandboxLinux::isolateNamespaces(std::vector<std::string> fsPaths)
 {
+	std::sort(fsPaths.begin(), fsPaths.end(),
+			  [](const std::string &a, const std::string &b) { return a.length() < b.length(); });
 
 	auto current_uid = getuid();
 	auto current_gid = getgid();