Hello, It'd be useful to be able to specify POSIX capabilities a Shepherd service should have, for example for an unprivileged process to be able to bind to ports lower than 1024.
This came up while reviewing #63082, which patch 10/16 (now dropped because of loss of functionality) suggested to let the user/group change be effected by Shepherd instead of by MPD itself (see: https://issues.guix.gnu.org/63082#98). I know that NixOS has some mechanism to do that; I think it was a simple shell script wrapper setting the capabilities, but that's all I remember. -- Thanks, Maxim