New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-805003949

Comment:
Actually `setpriv` works fine, I just had the wrong ownership of `/` in my container. But I got `capsh` working too, thanks to this hint from the `setpriv` manpage:

```
If you drop a capability from the bounding set without also dropping it from the inheritable set, you are likely to become confused. Do not do that.
```

It seems like CAP_DAC_{OVERRIDE,READ_SEARCH} are inheritable in a container, so I have to remove them. Patch coming.
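
An added example, not part of the comment above or of the void-packages patch: a shell check that lists capabilities still in the inheritable set after being dropped from the bounding set, which is the state the quoted manpage text warns about. The function names and the sample status text are constructed for illustration; the bit numbers for CAP_DAC_OVERRIDE (1) and CAP_DAC_READ_SEARCH (2) are the kernel's.

```shell
#!/bin/sh
# Added example. Constructed sample of the Cap* lines from /proc/<pid>/status:
# bits 1 and 2 are set in CapInh but cleared in CapBnd.
SAMPLE_STATUS='CapInh: 0000000000000006
CapPrm: 00000000a80425f9
CapEff: 00000000a80425f9
CapBnd: 00000000a80425f9
CapAmb: 0000000000000000'

# cap_mask FIELD: read status text on stdin, print the hex mask for FIELD.
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# cap_name BIT: name the two capabilities from the comment; others by bit number.
cap_name() {
    case "$1" in
        1) echo CAP_DAC_OVERRIDE ;;
        2) echo CAP_DAC_READ_SEARCH ;;
        *) echo "cap_bit_$1" ;;
    esac
}

# inh_not_bnd STATUS_TEXT: print the capabilities that are inheritable
# but absent from the bounding set (empty line if there are none).
inh_not_bnd() {
    inh=$(printf '%s\n' "$1" | cap_mask CapInh)
    bnd=$(printf '%s\n' "$1" | cap_mask CapBnd)
    if [ -z "$inh" ] || [ -z "$bnd" ]; then
        echo "CapInh/CapBnd not found" >&2
        return 2
    fi
    stray=$(( 0x$inh & ~0x$bnd ))   # set in CapInh, cleared in CapBnd
    bit=0
    out=
    while [ "$stray" -ne 0 ]; do
        if [ $(( stray & 1 )) -eq 1 ]; then
            out="$out${out:+ }$(cap_name "$bit")"
        fi
        stray=$(( stray >> 1 ))
        bit=$(( bit + 1 ))
    done
    printf '%s\n' "$out"
}

inh_not_bnd "$SAMPLE_STATUS"
```

On a live system, pass the real status text instead of the sample: `inh_not_bnd "$(cat /proc/self/status)"`.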