don't drop capabilities when running as root
When the effective user is root, no capabilities are dropped. This change has no effect when running as non-privileged user or when switching to non-privileged user via user() in config.
Dropping capabilities as a root user resulted in the following unexpected behaviour:
- When using trust anchor update, r/w access to root keys is neeeded. These are typically owned by knot-resolver user. When kresd is executed as root and capabilities are dropped, this file was no longer writable, because it is owned by knot-resolver, not root.
- It is impossible to recreate/resize cache due to the same permission issue as above.
If you want to drop capabilities when starting kresd as a root user,
you can switch the user with the user() command. This changes the
effective user ID and drops any capabilities as well.
meson build option capng is also added to optionally disable the capability dropping support entirely at build time