From c8c11bfc363363fcc26da5868292544cbabea320 Mon Sep 17 00:00:00 2001
From: Alexander Morozov <lk4d4@docker.com>
Date: Tue, 10 Mar 2015 08:50:03 -0700
Subject: [PATCH 1/2] Use CgroupString instead of missing GetCgroupAllowString
 in lxc_template

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
---
 daemon/execdriver/lxc/lxc_template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemon/execdriver/lxc/lxc_template.go b/daemon/execdriver/lxc/lxc_template.go
index 425df01da8..79ef51fb72 100644
--- a/daemon/execdriver/lxc/lxc_template.go
+++ b/daemon/execdriver/lxc/lxc_template.go
@@ -51,7 +51,7 @@ lxc.cgroup.devices.allow = a
 lxc.cgroup.devices.deny = a
 #Allow the devices passed to us in the AllowedDevices list.
 {{range $allowedDevice := .AllowedDevices}}
-lxc.cgroup.devices.allow = {{$allowedDevice.GetCgroupAllowString}}
+lxc.cgroup.devices.allow = {{$allowedDevice.CgroupString}}
 {{end}}
 {{end}}
 

From 821ec8334fd4ff3500b4e2d2338f3cc8935e17bd Mon Sep 17 00:00:00 2001
From: Alexander Morozov <lk4d4@docker.com>
Date: Tue, 10 Mar 2015 09:43:11 -0700
Subject: [PATCH 2/2] Setup user groups in lxc driver

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
---
 daemon/execdriver/lxc/driver.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/daemon/execdriver/lxc/driver.go b/daemon/execdriver/lxc/driver.go
index 2daff50d91..54da7160a8 100644
--- a/daemon/execdriver/lxc/driver.go
+++ b/daemon/execdriver/lxc/driver.go
@@ -420,6 +420,9 @@ func setupUser(userSpec string) error {
 	if err != nil {
 		return err
 	}
+	if err := syscall.Setgroups(execUser.Sgids); err != nil {
+		return err
+	}
 	if err := system.Setgid(execUser.Gid); err != nil {
 		return err
 	}