diff --git a/src/runcon.c b/src/runcon.c
index b25db04..52b0b36 100644
--- a/src/runcon.c
+++ b/src/runcon.c
@@ -249,6 +249,11 @@ main (int argc, char **argv)
     error (EXIT_FAILURE, errno, _("invalid context: %s"),
            quote (context_str (con)));
 
+  /* Prevent the sandboxed process from using the TIOCSTI ioctl to
+     push characters into the controlling terminal's input buffer.  */
+  if (setsid () != 0)
+    error (EXIT_FAILURE, errno, _("cannot create session"));
+
   if (setexeccon (context_str (con)) != 0)
     error (EXIT_FAILURE, errno, _("unable to set security context %s"),
            quote (context_str (con)));