I've written a patch which adds a new config keyword
'lxc.cap.drop'. This keyword allows to specify capabilities which are
dropped before executing the container binary.
Reworked-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Michael Holzt <lxc@my.fqdn.org> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>