
Older versions of capsh would only show the capabilities, which we expect not to change when we don't drop capabilities; but newer versions also display whether the NO_NEW_PRIVS bit is set, and we *do* expect to change that. Resolves: https://github.com/containers/bubblewrap/issues/544 Signed-off-by: Simon McVittie <smcv@collabora.com>