g_gate_drop_capabilities(), Teil 1

+int
+g_gate_drop_capabilities(int sendfd, int recvfd)
+{
+       cap_rights_t rights;
+       static const unsigned long ggatecmds[] = {
+           G_GATE_CMD_START,
+           G_GATE_CMD_DONE,
+           G_GATE_CMD_CANCEL,
+       };
+
+       if (cap_enter() != 0) {
+               g_gate_xlog("Failed to sandbox using capsicum");
+       }
+
+       cap_rights_init(&rights, CAP_PREAD, CAP_PWRITE);
+       if (cap_rights_limit(sendfd, &rights) == -1) {
+               g_gate_xlog("Unable to limit capability "
+                   "rights on sendfd %d", sendfd);
+       }
+       if (cap_rights_limit(recvfd, &rights) == -1) {
+               g_gate_xlog("Unable to limit capability "
+                   "rights on recvfd %d", recvfd);
+       }
+