last occurrence takes precedence. This option implies --setgroups=deny and --user . --map-groups innergid : outergid ... UIDs and GIDs. This option implies --setgroups=deny and --u…using cap_setuid (3) and cap_setgroups (3). Following this command, the effective capabilities will ... provided. The groups are set with the setgroups (2) system call. See --user