Am I right that /proc/PID/status capabilities are always shown in the user namespace of PID?

I always assumed that /proc/[PID]/status shows capabilities that PID has in the user namesapce of the process that opens /proc/[PID]/status, not in the user namespace of PID, but it seems that I was wrong.

Let’s move one bash shell into a new user namespace and check that it see itself as root with all capabilities:

$ unshare -rU
# cat /proc/$$/status | grep Cap
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
# echo $$
965344

Let’s open a second bash shell (in the parent user namespace) and check the capabilities of the first shell:

$ cat /proc/965344/status | grep Cap
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000

It shows the same set of capabilities as seen from inside the user namespace!

We can confirm that the first bash shell doesn’t have real capabilities by trying to kill a process owned by other user.

$ sudo su test 
$ whoami
test
$ echo $$
978809

From the first shell:

# kill -s SIGKILL 978809
-bash: kill: (978809) - Operation not permitted

From a real root:

$ sudo kill -s SIGKILL 978809

-> Process got killed.

Am I right in my conclusion that capabilities in /proc/PID/status are always shown in the user namespace of PID? If so, is it possible to see which set of capabilities process has in the user namespace of the opening process (or at least in the “root” user namespace)? Without it it’s impossible to determine if a process really have privileges or not.