setcap cvdalloc in the postinst.

This necessitates adding libcap2-bin as a new dependency, but doing so
is somewhat expected; other packages that run setcap in postinst also
are described similarly.

We could setuid root here as a fallback, but that may be a better
decision to leave for when we make all this more portable; we have the
permissions check at runtime anyway to cover any exceptional cases.

Author: 3405691582

base/debian/control

@@ -44,6 +44,7 @@ Depends: adduser,
          iproute2,
          iptables,
          libarchive-tools | bsdtar,
+         libcap2-bin,
          libcurl4,
          libdrm2,
          libfdt1,

base/debian/cuttlefish-base.postinst

@@ -24,6 +24,9 @@ case "$1" in
     then
         addgroup --system kvm
     fi
+
+    setcap cap_net_admin,cap_net_bind_service,cap_net_raw=+ep \
+        /usr/lib/cuttlefish-common/bin/cvdalloc
     ;;
 esac