Description
===========

The first example drops all caps except setuid/gid, then changes to a user, then regains a specific capability.

The second example sets the inheritable caps and drops all caps except setuid/gid, then changes to a user, then execve()s a program which is assumed to have the same set of inheritable caps set in its xattrs, plus the effective flag. As a result, the launched program has only a specific capability, and nobody can automatically gain the allowed capability (as opposed to effective + permitted file caps). Only the runner can do it.

License
=======

Unless specified otherwise, this project is licensed under the terms of the MIT license.

You should have received a copy of the MIT License along with this program. If not, see .

SPDX-License-Identifier: MIT

Copyright © 2016 vg

Contact
=======

developer  vg
mail       vg@devys.org
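
Added example, not part of this project's code: a small C model of the execve() capability rules for a non-root process, as documented in capabilities(7). It shows why the second example in the Description lets only the runner obtain the capability. CAP_NET_BIND_SERVICE and all helper names are assumptions chosen for illustration; the page does not name the capability.

```c
/* Added example: model of the execve() capability rules for a non-root
 * process, as documented in capabilities(7). Not the project's own code. */
#include <stdint.h>
#include <stdio.h>

/* Assumption: CAP_NET_BIND_SERVICE (bit 10) stands in for the page's
 * unnamed "specific capability". */
#define CAP_NET_BIND (1ULL << 10)

struct proc_caps { uint64_t permitted, inheritable, effective, bounding, ambient; };
struct file_caps { uint64_t permitted, inheritable; int effective_flag; };

/* Sets a non-root process holds after execve() of a file carrying f. */
struct proc_caps caps_after_exec(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    /* A file with any capability attached is "privileged": ambient is reset. */
    int privileged = f.permitted || f.inheritable || f.effective_flag;
    n.ambient     = privileged ? 0 : p.ambient;
    n.permitted   = (p.inheritable & f.inheritable)
                  | (f.permitted & p.bounding) | n.ambient;
    n.effective   = f.effective_flag ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* Hypothetical process states just before execve(), already unprivileged. */
struct proc_caps runner(void)        /* kept the cap in its inheritable set */
{ struct proc_caps p = { 0, CAP_NET_BIND, 0, ~0ULL, 0 }; return p; }
struct proc_caps ordinary_user(void) /* plain shell: empty inheritable set */
{ struct proc_caps p = { 0, 0, 0, ~0ULL, 0 }; return p; }

/* Hypothetical file capability layouts stored in the xattr. */
struct file_caps file_ei(void)       /* inheritable + effective flag */
{ struct file_caps f = { 0, CAP_NET_BIND, 1 }; return f; }
struct file_caps file_ep(void)       /* permitted + effective flag */
{ struct file_caps f = { CAP_NET_BIND, 0, 1 }; return f; }

int main(void)
{
    printf("runner, +ei file: effective=%#llx\n",
           (unsigned long long)caps_after_exec(runner(), file_ei()).effective);
    printf("user,   +ei file: effective=%#llx\n",
           (unsigned long long)caps_after_exec(ordinary_user(), file_ei()).effective);
    printf("user,   +ep file: effective=%#llx\n",
           (unsigned long long)caps_after_exec(ordinary_user(), file_ep()).effective);
    return 0;
}
```

With the inheritable + effective layout, only a process that already carries the capability in its own inheritable set ends up with it; with permitted + effective, any user who can execute the file gets it.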