linux capable() grants PF_SUPERPRIV to the calling process whenenver
the calling process checks a for a specific capability. Will this
create a security hole? for example, a process that is allowed to
create device node (CAP_MKNOD), can gain PF_SUPERPRIV after calling
capable(), and can then perform admin operations?

Thanks!