diff --git a/common.h b/common.h
index 94c621b..26222f8 100644
--- a/common.h
+++ b/common.h
@@ -24,6 +24,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/kafel b/kafel
index b20d268..2ae8e11 160000
--- a/kafel
+++ b/kafel
@@ -1 +1 @@
-Subproject commit b20d26848992cb14661f6fbccca6a82b1c2af546
+Subproject commit 2ae8e116e416539da66ed7170e246668df05e43e
diff --git a/nsjail.c b/nsjail.c
index 0331be7..7e5008b 100644
--- a/nsjail.c
+++ b/nsjail.c
@@ -76,20 +76,10 @@ static bool nsjailSetSigHandler(int sig)
 static bool nsjailSetSigHandlers(void)
 {
- if (nsjailSetSigHandler(SIGINT) == false) {
- return false;
- }
- if (nsjailSetSigHandler(SIGUSR1) == false) {
- return false;
- }
- if (nsjailSetSigHandler(SIGALRM) == false) {
- return false;
- }
- if (nsjailSetSigHandler(SIGCHLD) == false) {
- return false;
- }
- if (nsjailSetSigHandler(SIGTERM) == false) {
- return false;
+ for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
+ if (!nsjailSetSigHandler(nssigs[i])) {
+ return false;
+ }
 }
 return true;
 }
diff --git a/nsjail.h b/nsjail.h
index 70de7c7..7194b93 100644
--- a/nsjail.h
+++ b/nsjail.h
@@ -23,6 +23,14 @@
 #ifndef NS_NSJAIL_H
 #define NS_NSJAIL_H
-#include "common.h"
+#include
+
+static const int nssigs[] = {
+ SIGINT,
+ SIGUSR1,
+ SIGALRM,
+ SIGCHLD,
+ SIGTERM,
+};
 #endif /* _NSJAIL_H */
diff --git a/subproc.c b/subproc.c
index efb855e..a816505 100644
--- a/subproc.c
+++ b/subproc.c
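Review bot: In nsjail.h the new `nssigs[]` table has no comment, although it is now the single list that decides both which handlers the parent installs (nsjail.c) and which dispositions subprocReset() restores in the child (subproc.c). A comment such as `/* Signals nsjail installs handlers for; the child restores each of them to SIG_DFL before continuing */` would make it clear that a handler installed outside this list is not reset on the child side. Because the array is defined `static const` in a header, every translation unit that includes nsjail.h (now including everything that includes subproc.h) carries its own copy; that is harmless for five ints, but an `extern` declaration with one definition in nsjail.c is the more conventional layout. The same hunk replaces `#include "common.h"` with an include whose name did not survive on this page (presumably `<signal.h>`), so confirm nothing relied on common.h arriving through nsjail.h.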
@@ -109,12 +109,28 @@ static const char* subprocCloneFlagsToStr(uintptr_t flags)
 return cloneFlagName;
 }
+/* Reset the execution environment for the new process */
+static bool subprocReset(void)
+{
+ for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
+ if (signal(nssigs[i], SIG_DFL) == SIG_ERR) {
+ PLOG_W("signal(%s, SIG_DFL)", utilSigName(nssigs[i]));
+ return false;
+ }
+ }
+ return true;
+}
+
 static int subprocNewProc(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd)
 {
 if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
 exit(0xff);
 }
+ if (!subprocReset()) {
+ exit(0xff);
+ }
+
 if (pipefd == -1) {
 if (userInitNsFromParent(nsjconf, getpid()) == false) {
 LOG_E("Couldn't initialize net user namespace");
diff --git a/subproc.h b/subproc.h
index a4f64e7..5cb4ff2 100644
--- a/subproc.h
+++ b/subproc.h
@@ -24,6 +24,8 @@
 #include "common.h"
+#include "nsjail.h"
+
 #include
 #include
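Review bot: subprocReset() in subproc.c restores only the dispositions of the five signals in nssigs, while its comment promises a reset of the whole execution environment. The signal mask and any SIG_IGN dispositions the nsjail process itself inherited are not touched, and unlike installed handlers both survive execve() into the jailed program. Whether the parent ever blocks or ignores signals is not visible in this hunk, so at minimum narrow the comment to `/* Restore default dispositions for the signals nsjail handles (nssigs) */`; if a clean signal state is the goal, also clear the mask with `sigset_t ss; sigemptyset(&ss); sigprocmask(SIG_SETMASK, &ss, NULL);`. The failure is logged with PLOG_W even though the caller treats it as fatal (`exit(0xff)`), so PLOG_E would match the outcome. The body of subprocNewProc continues past the end of the hunk.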