I am working on finishing up the capabilities patch for TS-338. My problem is: what is the desired security model? With seteuid() you have to enable / disable (change EUID) locally around the operation. With capabilities you can do that, or you can enable the privilege during process initialization and then just leave it on.
For now, after a discussion on IRC, I am going with the latter -- enable the privilege at process init and leave it enabled. Note that when using capabilities the EUID is never changed back to root (which, of course, is the point). If anyone has a reason to not do it this way, let me know. Thanks.
