New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-804981189

Comment:
I think I figured out what's happening.  The build is happening in a user namespace.  `capsh --drop` silently fails there, which seems like a bug.

`setpriv` seems to do something, but it works a little too well:

```
# setpriv --inh-caps=-dac_override,-dac_read_search --bounding-set=-dac_override,-dac_read_search -- cat foo
cat: error while loading shared libraries: libc.so.6: cannot open shared object file: Permission denied
```