Doing so would eliminate some of the racy code and probably make it easier to implement some of the features we lack today.
Former user commented on 2016-08-18T16:47:41.000-0400:
While chatting with Jerry about this, one idea that came up was the concept of a branded cred_t. That might be a neat way to ensure that restrictions established in LX processes aren't stripped away via a trip through a native exec() or something.