We have understood that the fine granularity of the capabilities model is a major security advantage over the old-style root-only or setuid-root approach. So, back to our fictional packcap program: we would like to use capabilities rather than setuid-root. So, let's say that, upon careful study of the available capabilities, we conclude that we would like our program to be endowed with the following capabilities:
- CAP_NET_ADMIN
- CAP_NET_RAW
Looking up the man page on credentials(7) reveals that the first of them gives a process the ability to perform all required network administrative tasks; the second, the ability to use "raw" sockets.
But how exactly does the developer embed these required capabilities ...