[PATCHv3 2/2] groups: Allow unprivileged processes to use setgroups to drop groups

Currently, unprivileged processes (without CAP_SETGID) cannot call setgroups at all. In particular, processes with a set of supplementary groups cannot further drop permissions without obtaining elevated permissions first. Allow unprivileged processes to call setgroups with a subset of their

[PATCHv3 2/2] groups: Allow unprivileged processes to use setgroups to drop groups

Currently, unprivileged processes (without CAP_SETGID) cannot call setgroups at all. In particular, processes with a set of supplementary groups cannot further drop permissions without obtaining elevated permissions first. Allow unprivileged processes to call setgroups with a subset of their