Process spawning should expose the ability to drop capabilities on linux

[alexcrichton]

More information can be found in this comment: #12085 (comment)

The idea is that when you attempt to drop privileges when spawning (setuid, setgid etc) you should in theory be dropping all privileges of the previous user. We're already doing some special stuff with setgroups, and it sounds like capabilities should also be dropped.

cc @bnoordhuis

[bnoordhuis]

There are two ways to go about this, I think: either drop individual capabilities with capset() or simply drop everything with prctl(PR_SET_KEEPCAPS, 0).

The first option is more flexible but you need to deal with capset()'s convoluted interfaces (plural intentional) and you may have to special-case for kernels without file-based capability support.

[l0kod]

This feature should be available even outside the process spawning (i.e. post-execution).

[alexcrichton]

Closing in favor of rust-lang/rfcs#941