On Tue, 11 Oct 2022 16:40:08 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:Our current handling of capabilities isn't quite right. In particular, drop_caps() attempts to remove capabilities from the bounding set, which usually won't work, and even if it does won't have the effect we want. This series corrects that, as well as making some other fixes and cleanups in adjacent code.Other than those entirely formal details I reported (...and I tried hard), this looks great to me, and feels like a relief. :) -- Stefano