#include <stdio.h>
#include <unistd.h>

/* from libcap-dev */
#include <sys/capability.h>

#include <sys/resource.h>

int main()
{
	uid_t nobody_uid = 65534;
	cap_t lcap;
	const unsigned cap_size = 1;
	cap_value_t cap_list[] = {CAP_SYS_NICE};

	lcap=cap_get_proc();
	fprintf(stderr, "%d: %s\n", getuid(), cap_to_text(lcap, NULL));

	lcap=cap_get_proc();
	cap_set_flag(lcap, CAP_EFFECTIVE, cap_size, cap_list, CAP_SET);
	cap_set_flag(lcap, CAP_PERMITTED, cap_size, cap_list, CAP_SET);

	cap_set_proc(lcap);


	
	if(!fork())
	{

		/* child */
		if(setuid(nobody_uid) < 0) 
		{
			perror("setuid");
		}

		if(setpriority(PRIO_PROCESS, 0, getpriority(PRIO_PROCESS, 0) - 1) < 0)
		{
			perror("setpriority");
		}
	}

	return 0;
}