Comment 3 for bug 1087134

So I looked again at the way capabilities are queried in procenv and did some re-reading of capabilities(7). I wonder now what you intend to show in this function.

Do you want to show capabilities that the process actually has enabled or capabilities that it has in its bounding set that it could potentially enable in itself or a child process? When I run procenv in my terminal I know I do not have any capabilities enabled, but it shows all capabilities as "yes" because they are not masked out of my bounding set.

I originally reported this assuming the former, but procenv currently reports the latter.