A comma-separated list of capability clauses to be given to the wrapper program. The format for capability clauses is described in the “TEXTUAL REPRESENTATION” section of the cap_from_text(3) manual page. For a list of capabilities supported by the system, check the capabilities(7) manual page.
cap_setpcap, which is required for the wrapper program to be able to raise caps into the Ambient set is NOT raised to the Ambient set so that the real program cannot modify its own capabilities!! This may be too restrictive for cases in which the real program needs cap_setpcap but it at least leans on the side security paranoid vs. too relaxed.