[Unit]
Description=Test for CapabilityBoundingSet

[Service]
ExecStart=/bin/sh -x -c 'c=$$(capsh --print | grep "^Bounding set .*cap_chown"); test -z "$$c"'
Type=oneshot
CapabilityBoundingSet=~CAP_CHOWN