From 78b1cb1fcb80ac90f625d8e374054ca60bdf1019 Mon Sep 17 00:00:00 2001
From: Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
Date: Fri, 25 Oct 2013 18:41:03 +0200
Subject: [PATCH] Do not drop sys_boot

This fixes #2391
Upstream-commit: b64ce8e33cb0a63ede881da78580e37ea4f0d6a7
Component: engine
---
 components/engine/AUTHORS         | 1 +
 components/engine/lxc_template.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS
index 7b1bba49e7..13872ecebf 100644
--- a/components/engine/AUTHORS
+++ b/components/engine/AUTHORS
@@ -117,6 +117,7 @@ Marko Mikulicic <mmikulicic@gmail.com>
 Markus Fix <lispmeister@gmail.com>
 Martin Redmond <martin@tinychat.com>
 Matt Apperson <me@mattapperson.com>
+Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
 Matt Bachmann <bachmann.matt@gmail.com>
 Matthew Mueller <mattmuelle@gmail.com>
 Maxim Treskin <zerthurd@gmail.com>
diff --git a/components/engine/lxc_template.go b/components/engine/lxc_template.go
index 37232a89d3..315e84744a 100644
--- a/components/engine/lxc_template.go
+++ b/components/engine/lxc_template.go
@@ -113,7 +113,7 @@ lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,{{ if ind
 #  (Note: 'lxc.cap.keep' is coming soon and should replace this under the
 #         security principle 'deny all unless explicitly permitted', see
 #         http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
-lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
+lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
 {{end}}
 
 # limits