Index: linux-3.12.33-rt47-i386/kernel/capability.c =================================================================== @ linux-3.12.33-rt47-i386/kernel/capability.c:395 @ bool ns_capable(struct user_namespace *n current->flags |= PF_SUPERPRIV; return true; } + + if ((cap == CAP_NET_RAW) || (cap == CAP_NET_ADMIN)) { +#if 0 + printk(KERN_WARNING "capable() using kernel-hack " + "CAP_NET_RAW || CAP_NET_ADMIN\n"); +#endif + current->flags |= PF_SUPERPRIV; + return true; + } + + if (cap == CAP_IPC_LOCK) { +#if 0 + printk(KERN_WARNING + "capable() using kernel-hack CAP_IPC_LOCK\n"); +#endif + current->flags |= PF_SUPERPRIV; + return true; + } + + if (cap == CAP_SYS_NICE) { +#if 0 + printk(KERN_WARNING + "capable() using kernel-hack CAP_SYS_NICE\n"); +#endif + return true; + } + return false; } EXPORT_SYMBOL(ns_capable);