fn drop_capabilities() -> Result<(), c_int>
Removes fake-superuser capabilities. This removes our ability to mess with the filesystem view we’ve set up.
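One way such a drop can be done on Linux, shown as an added example and not this crate's own implementation: the hypothetical `drop_capabilities_sketch` clears the calling thread's effective, permitted and inheritable sets with a raw `capset(2)` call and returns the errno on failure, and the hypothetical `current_capabilities` reads them back with `capget(2)`. It assumes x86_64, aarch64 or riscv64 (the syscall numbers are hard-coded) and that "fake-superuser" means the full capability set a process holds inside its own user namespace.

```rust
use std::io;
use std::os::raw::{c_int, c_long};

// (capget, capset) syscall numbers; they differ per architecture.
#[cfg(target_arch = "x86_64")]
const SYS_CAP: (c_long, c_long) = (125, 126);
#[cfg(any(target_arch = "aarch64", target_arch = "riscv64"))]
const SYS_CAP: (c_long, c_long) = (90, 91);
const CAP_V3: u32 = 0x2008_0522; // _LINUX_CAPABILITY_VERSION_3: two 32-bit words per set

#[repr(C)]
struct CapHeader { version: u32, pid: c_int } // pid 0 means the calling thread

#[repr(C)]
#[derive(Clone, Copy, Default, PartialEq, Debug)]
struct CapData { effective: u32, permitted: u32, inheritable: u32 }

extern "C" {
    fn syscall(num: c_long, ...) -> c_long; // libc's generic syscall(2) wrapper
}

fn errno() -> c_int {
    io::Error::last_os_error().raw_os_error().unwrap_or(0)
}

/// Hypothetical stand-in for the documented function (name and body are
/// assumptions): empties all three capability sets of the calling thread.
/// Lowering a set never needs privilege, so this works for any caller.
fn drop_capabilities_sketch() -> Result<(), c_int> {
    let mut hdr = CapHeader { version: CAP_V3, pid: 0 };
    let data = [CapData::default(); 2]; // all-zero masks = no capabilities
    let rc = unsafe { syscall(SYS_CAP.1, &mut hdr as *mut CapHeader, data.as_ptr()) };
    if rc == 0 { Ok(()) } else { Err(errno()) }
}

/// Reads the calling thread's sets back so the drop can be verified.
fn current_capabilities() -> Result<[CapData; 2], c_int> {
    let mut hdr = CapHeader { version: CAP_V3, pid: 0 };
    let mut data = [CapData::default(); 2];
    let rc = unsafe { syscall(SYS_CAP.0, &mut hdr as *mut CapHeader, data.as_mut_ptr()) };
    if rc == 0 { Ok(data) } else { Err(errno()) }
}

fn main() {
    drop_capabilities_sketch().expect("capset failed");
    println!("after drop: {:?}", current_capabilities());
}
```

The raw syscall affects only the calling thread and leaves the bounding set untouched, so a process that is still UID 0 in its namespace can regain capabilities across `execve` unless the bounding set or securebits are restricted as well.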