privileges, such as allowing a user to set up user namespace UID/GID mappings.
Note on GID policies and setgroups()
-==================
+====================================
In v5.9 we are adding support for limiting CAP_SETGID privileges as was done
previously for CAP_SETUID. However, for compatibility with common sandboxing
related code conventions in userspace, we currently allow arbitrary