Expand description
Drop all capabilities that are supported by the kernel but which this library is not aware of from the current thread’s bounding capability set.
For example, this code will drop all bounding capabilities (even ones not supported by
capctl) except for CAP_SETUID:
// Drop all capabilities that `capctl` knows about (except for CAP_SETUID)
for cap in Cap::iter() {
if cap != Cap::SETUID {
bounding::drop(cap).unwrap();
}
}
// Drop any new capabilities that `capctl` wasn't aware of at compile time
bounding::clear_unknown();See Handling of newly-added capabilities for the rationale.