From 2192d3371ceb7431a6dacd170ddadd4ef26d5783 Mon Sep 17 00:00:00 2001
From: Andrea Luzzardi <aluzzardi@gmail.com>
Date: Thu, 28 Feb 2013 11:57:57 -0800
Subject: [PATCH] Re-enabled lxc capabilities drop

---
 lxc_template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxc_template.go b/lxc_template.go
index 283391bfb3..931095c99d 100755
--- a/lxc_template.go
+++ b/lxc_template.go
@@ -82,7 +82,7 @@ lxc.mount.entry = /etc/resolv.conf {{$ROOTFS}}/etc/resolv.conf none bind,ro 0 0
 
 
 # drop linux capabilities (apply mainly to the user root in the container)
-#lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod net_raw setfcap setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
+lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod net_raw setfcap setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
 
 # limits
 {{if .Config.Ram}}