+ if (context->capability_bounding_set_drop)
+ for (i = 0; i <= CAP_LAST_CAP; i++)
+ if (context->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) i)) {
+ if (prctl(PR_CAPBSET_DROP, i) < 0) {
+ r = EXIT_CAPABILITIES;
+ goto fail_child;
+ }
+ }
+