policycoreutils: seunshare: Only drop caps not the Bounding Set from seunshare

This means you can still run setuid programs, but don't need special
perms to run seunshare.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

policycoreutils/sandbox/seunshare.c

@@ -58,7 +58,7 @@
 static int verbose = 0;
 static int child = 0;
 
-static capng_select_t cap_set = CAPNG_SELECT_BOTH;
+static capng_select_t cap_set = CAPNG_SELECT_CAPS;
 
 /**
  * This function will drop all capabilities.