[systemd-devel] Difference between CapabilityBoundingSet and AmbientCapabilities?

[Manuel Reimer]

Hello,

can someone please give a short hint or link to easy to understand 
information, so I can find the difference between the "Capability" 
settings in systemd.exec?

I have two situations:

What will I use if I have a "User=" configured, but I want to give one 
or two additional capabilities to the launched daemon?

Is it also possible to add additional capabilities to daemons which 
switch user (setuid) in their own code?

Thanks in advance

Manuel