From fc55e2c59a1675ba8ae1efa2bf6c7c7bb29d7b96 Mon Sep 17 00:00:00 2001
From: Simon Fels
Date: Thu, 8 Dec 2016 17:06:52 +0100
Subject: [PATCH] Get rid of dropping capabilities as this prevents gaining relevant ones in the container
---
 src/anbox/container/lxc_container.cpp | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/anbox/container/lxc_container.cpp b/src/anbox/container/lxc_container.cpp
index 4167a1a..4d959f1 100644
--- a/src/anbox/container/lxc_container.cpp
+++ b/src/anbox/container/lxc_container.cpp
@@ -80,10 +80,6 @@ void LxcContainer::start(const Configuration &configuration) {
 if (container_->is_running(container_)) container_->stop(container_);
 }
- // We drop all not needed capabilities
- set_config_item("lxc.cap.drop",
- "mac_admin mac_override sys_time sys_module sys_rawio");
-
 // We can mount proc/sys as rw here as we will run the container unprivileged
 // in the end
 set_config_item("lxc.mount.auto", "proc:mixed sys:mixed cgroup:mixed");
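Review bot: With the `lxc.cap.drop` line gone, start() no longer restricts any capability, and neither the commit message nor the code says which of the five the container actually needs. The surviving comment above `lxc.mount.auto` says the container will run unprivileged "in the end"; if it is still started without a user namespace at this point (not visible in the hunk), `sys_module` and `sys_rawio` would apply to the host kernel and devices rather than to a namespaced view. Consider keeping the drop list and removing only the entry that is required, or at least record the reason in place, e.g. `// No lxc.cap.drop: the container needs <capability>; isolation relies on the user namespace`. start()'s body begins and ends outside the hunk.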