Index: linux-3.12.33-rt47-i386/kernel/capability.c
===================================================================
@ linux-3.12.33-rt47-i386/kernel/capability.c:395 @ bool ns_capable(struct user_namespace *n
 		current->flags |= PF_SUPERPRIV;
 		return true;
 	}
+
+	if ((cap == CAP_NET_RAW) || (cap == CAP_NET_ADMIN)) {
+#if 0
+		printk(KERN_WARNING "capable() using kernel-hack "
+		       "CAP_NET_RAW || CAP_NET_ADMIN\n");
+#endif
+		current->flags |= PF_SUPERPRIV;
+		return true;
+	}
+
+	if (cap == CAP_IPC_LOCK) {
+#if 0
+		printk(KERN_WARNING
+		       "capable() using kernel-hack CAP_IPC_LOCK\n");
+#endif
+		current->flags |= PF_SUPERPRIV;
+		return true;
+	}
+
+	if (cap == CAP_SYS_NICE) {
+#if 0
+		printk(KERN_WARNING
+		       "capable() using kernel-hack CAP_SYS_NICE\n");
+#endif
+		return true;
+	}
+
 	return false;
 }
 EXPORT_SYMBOL(ns_capable);