Comment 13 for bug 95089

I just noticed that this bug is about the whole CAP_SETCAP and not only about CONFIG_SECURITY_FILE_CAPABILITIES :) The latter brought me here because my bug 232351 got marked as a duplicate of this one.

Examples for safe behaviour are for example bug 103010: "Starting with Linux 2.6.18, the kernel now requires that a user process has CAP_NET_ADMIN capability associated with it to set persistent tap interfaces. This a problem since most people do not run qemu as root - nor should they."

Check out http://www.friedhoff.org/posixfilecaps.html for more details.