waf should die if it can't find sys/capability.h on linux

The standard startup scripts for ntpd on linux include -u ntp:ntp Without capabilites, when ntpd drops root, it won't be able to set the time.

There should probably be a command line flag to allow building without libcap.

Maybe we should have a run time trap too.