[BUG] Capabilities enforcement apply only for 1 thread

[AlonZivony]

Prerequisites

• This affects latest released version.
• This affects current development tree (origin/HEAD).
• There isn't an issue describing the bug.

Select one OR another:

• I'm going to create a PR to solve this (assign to yourself).
• Someone else should solve this.

Bug description

This bug was discovered while investigating #1803
We noticed that the error message we received isn't received on each run, only for part of them.
When forcing only 1 goroutine, the error occurs in much more runs.
@yanivagman suggested that the current capabilities package change only thread's capabilities, which might not be the thread with reduced capabilities. See the discussion in #1803 for more details.

This is how I'm executing tracee (cmdline):
sudo ./dist/tracee-ebpf -o none -o option:parse-arguments -o option:detect-syscall-trace comm-bash -trace follow

This is the error I'm getting:
Inconsistently, get the following error message:

Context

Relevant information about my setup:

• Linux version: Ubuntu
• Linux kernel version: 5.13
• Tracee version (or commit id of your tree): 727e6

[rafaeldtinoco]

I believe we've dropped this from this milestone, right ? Just wanted to make sure @AlonZivony (based on our previous meeting).

[yanivagman]

I believe we've dropped this from this milestone, right ? Just wanted to make sure @AlonZivony (based on our previous meeting).

I think we should keep it as part of the milestone as we already merged the dropped capabilities PR, but it's implementation is incorrect, which might cause hard to debug issues on some environments due to it being statistically working.

[AlonZivony]

I agree with @yanivagman here.
If we can merge it to the current version it would be the best option.
If you can help me close it in time it would be great.

[rafaeldtinoco]

Sure, no objections. I just wanted to confirm that is what we wanted! Thanks.