CAP_FS_SET
return cap_drop(a, CAP_FS_SET);
return cap_combine(a, cap_intersect(permitted, CAP_FS_SET));
