TL;DR: implement cap_launch(). In single-threaded libcap use, it is reasonably straightforward to launch a sub-program and understand how the capability state of the parent is affected. In a multi-threaded program, launched from a -lcap -lpsx ... -lpthreads linked binary, it is less so. As such, I think we need to provide a cap_launch() function that can fork/execve a child program with a different security context - i.e., a more restrictive bounding set, different inheritable capabilities, mode etc. Since Go comes with a native Linux os/exec that has a myopic view of capabilities (https://golang.org/pkg/syscall/#SysProcAttr), libcap/cap should offer a more fully functional one, and libcap (C) should maintain feature parity.
The first step here was to make libpsx support fork(). Pthreads have some carefully prepared support for fork() which is fraught with peril for pthread-based applications. fork() support is committed here: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=51ed0ec9b78ef321e5feba3780aefbc4d0246449 Next up is some support for all of the flavors of inheritable capabilities.
To capture the three capability vectors that can be inherited, we've created an IAB abstraction. This is committed here:
(C) https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=943b011b5e53624eb9cab4e96c1985326e077cdd
(Go) https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1b14d6411f8abaafe74c4da817d69623c351a440
This will be used to conveniently prepare what is to be launched.
Add cap_launch() (C): https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=ef485973d5547431782f9e5f4323eabfebb38622
and cap.Launch() (Go): https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=e20eb695f91b5c3a87039d6b512b28056c71256d