From fd58524f81031eec112b5e9bd52bfaa186fc9c20 Mon Sep 17 00:00:00 2001
From: Bernerd Schaefer <bj.schaefer@gmail.com>
Date: Wed, 28 May 2014 16:40:36 +0200
Subject: [PATCH] Add system.SetKeepCaps and system.ClearKeepCaps

Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
---
 pkg/system/calls_linux.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/pkg/system/calls_linux.go b/pkg/system/calls_linux.go
index faead0114e..6986051e1d 100644
--- a/pkg/system/calls_linux.go
+++ b/pkg/system/calls_linux.go
@@ -135,6 +135,22 @@ func GetParentDeathSignal() (int, error) {
 	return sig, nil
 }
 
+func SetKeepCaps() error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 1, 0); err != 0 {
+		return err
+	}
+
+	return nil
+}
+
+func ClearKeepCaps() error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_KEEPCAPS, 0, 0); err != 0 {
+		return err
+	}
+
+	return nil
+}
+
 func Setctty() error {
 	if _, _, err := syscall.RawSyscall(syscall.SYS_IOCTL, 0, uintptr(syscall.TIOCSCTTY), 0); err != 0 {
 		return err