Comment 1 for bug 1785499

== preserve file capabilities ==
=== Rationale ===
Filesystem capabilities aren't properly restored during unsquashfs, this effectively prevents any LXD image from containing file capabilities and breaks basic tools like mtr in recent images.

=== Testcase ===
For the fscaps part, easiest is to grab the latest cosmic cloud image from:
  http://cloud-images.ubuntu.com/cosmic/current/cosmic-server-cloudimg-amd64.squashfs

Then unsquashfs as root and check if "/usr/bin/mtr-packet" shows a capability when running "getcap".

=== Regression potential ===
Minimal, we're syncing to the exact same source and patches as we've got in bionic and cosmic, the patch is also trivial and "obviously right". The issue is that the kernel will strip capabilities during chown() and unsquashfs was restoring capabilities before calling chown. This patch simply re-orders it so that capabilities are applied after ownership.