I just noticed that this bug is about the whole CAP_SETCAP and not only about CONFIG_SECURITY_FILE_CAPABILITIES :) The latter brought me here because my bug 232351 got marked as a duplicate of this one.
Examples for safe behaviour are for example bug 103010: "Starting with Linux 2.6.18, the kernel now requires that a user process has CAP_NET_ADMIN capability associated with it to set persistent tap interfaces. This a problem since most people do not run qemu as root - nor should they."
I just noticed that this bug is about the whole CAP_SETCAP and not only about CONFIG_ SECURITY_ FILE_CAPABILITI ES :) The latter brought me here because my bug 232351 got marked as a duplicate of this one.
Examples for safe behaviour are for example bug 103010: "Starting with Linux 2.6.18, the kernel now requires that a user process has CAP_NET_ADMIN capability associated with it to set persistent tap interfaces. This a problem since most people do not run qemu as root - nor should they."
Check out http:// www.friedhoff. org/posixfileca ps.html for more details.