> But from what? If this *expands* the universe of stuff I gotta audit *because it inspires people to require more capabilities than they really need, and then drop the stuff they don't want... then it's going to make sysadmins' lives harder.
I don't really see the problem. Before file capabilities, if a process required *any* extra capabilities it needed to be SUID to root. Now processes can start out with a subset of those capabilities rather than full SUID. Worst case, I would think you could simply treat any executable file with a non-empty set of file capabilities as if it were SUID.
Or are you concerned that people will add individual capabilities to programs that formerly didn't require any, where the stigma of requiring full SUID would have dissuaded them?