Cap bounding set problems


No fine-grained control

No way to get capabilities back selectively

Unreversable
Must reboot to make changes
Assuming CAP_SYS_BOOT still available...