CAP_SYS_ADMIN: the new root

There will always be many operations which fundamentally are equivalent to root, because they can be used to subvert the kernel itself. Splitting these dangerous operations up into many different capabilities is counter-productive - they should all be under one "root-equivalent" capability. It doesn't much matter whether you call that capability CAP_SYS_ADMIN, CAP_RAWIO or CAP_AS_GOOD_AS_ROOT.