1Allows a process to set capabilities on files. 2Permits a process to uid_map the uid=0 of the 3parent user namespace into that of the child 4namespace. Also, permits a process to override 5securebits locks through user namespace 6creation. 7