Created attachment 361270 [details, diff] Patch for x11-misc/slock-1.1.ebuild introducing capability usage x11-misc/slock currently installs a SUID root binary in order to be able to read /etc/shadow. For that, granting CAP_DAC_READ_SEARCH would also suffice. The attached patch does that, using fcaps.eclass: If the new USE "filecaps" is disabled, nothing changes. If it's enabled however, only the capability is granted.
Thanks for the patch. Committed in -r1.