How to execve a process, retaining capabilities in spite of missing filesystem-based capabilities

view story

http://stackoverflow.com – I want to make system be usable without setuid, file "+p" capabilities and in general things are disabled when I set PR_SET_NO_NEW_PRIVS. With this approach (init sets PR_SET_NO_NEW_PRIVS and no filesystem-based capability elevation longer possible) you cannot "refill" your capabilities and only need to watch not to "splatter" them. How to execve into some other process without "splattering" any granted capabilities (such as if the new program's file is setcap =ei)? Just "I trust this new process as I trust myself". For example, a capability is given to a user (and the user wants to exersize (HowTos)