Grant capabilities to the uWSGI instance. See the capabilities(7) for available values. uWSGI runs as an unprivileged user (even as Emperor) with the minimal capabilities required. This option can be used to add fine-grained permissions without running the service as root. When in Emperor mode, any capability to be inherited by a vassal must be specified again in the vassal configuration using cap. See the uWSGI docs for more information.

[ ]

[
  "CAP_NET_BIND_SERVICE" # bind on ports <1024
  "CAP_NET_RAW"          # open raw sockets
]