Capabilities management

- Implemented in Linux as of kernel 2.2
- The traditional root model simply assigns all capabilities to any process running as uid==0
- A program can check / set capabilities using the following calls:
  - capget(2) / capset(2): low level, may change across kernel versions
  - cap_get_proc(3) / cap_set_proc(3): portable library call
  - capgetp(3) / capsetp(3): Linux-specific library call
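The low-level interface in use, as an added example that is not part of the original slides: it calls capget(2) through syscall(2) (glibc ships no wrapper), first asking the kernel which capability ABI version it prefers, which is the part that "may change across kernel versions". The function names `preferred_cap_version` and `has_effective_cap` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Probe the capability ABI version the running kernel prefers. Passing an
 * unknown version makes the kernel write its preferred one into the header. */
static uint32_t preferred_cap_version(void)
{
    struct __user_cap_header_struct hdr = { .version = 0, .pid = 0 };
    if (syscall(SYS_capget, &hdr, NULL) == 0 || errno == EINVAL)
        return hdr.version;
    return 0; /* capget unavailable */
}

/* 1 if cap is in the caller's effective set, 0 if not, -1 on error. */
static int has_effective_cap(int cap)
{
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 /* 0 = self */
    };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = {{0}};

    if (cap < 0 || cap > CAP_LAST_CAP)
        return -1;
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return (data[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) != 0;
}

int main(void)
{
    printf("uid=%d euid=%d kernel cap ABI=0x%08x\n",
           (int)getuid(), (int)geteuid(), (unsigned)preferred_cap_version());
    printf("CAP_NET_BIND_SERVICE effective: %d\n",
           has_effective_cap(CAP_NET_BIND_SERVICE));
    printf("CAP_SYS_ADMIN effective: %d\n", has_effective_cap(CAP_SYS_ADMIN));
    return 0;
}
```

A service that has dropped privileges can run a check like this at start-up to confirm that only the capabilities it needs remain in its effective set.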