Hi Guix,

I need to offload some of my eternally rebased local patches. Here's one that makes it easy to assign capabilities(7) — currently through setcap(8) — to programmes like we can set{u,g}id.

There are many packages that benefit from this. Mine are:

    (privileged-programs
     (cons* (privileged-program
             (file-append mtr "/sbin/mtr")
             (capabilities "cap_net_raw+ep"))
            (privileged-program
             (file-append nethogs "/sbin/nethogs")
             (capabilities "cap_net_admin,cap_net_raw+ep"))
            (privileged-program
             (file-append light "/bin/light")
             (setuid? #t))
            %default-privileged-programs))

The set's over a year old and needs a bit of love. Some details might have bitrot, I probably forgot a to-do or two in that year, and there's something unguixy about calling setcap(8) instead of writing a completely new Guile binding/module :-)

I'm quite opinionated about the setuid-programs unification: there should not be multiple confusing and masking layers of privilege, and it should be possible to setgid a capable executable.

Kind regards,

T G-R