diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c
index 2fbc262450..7735a3b4a8 100644
--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -853,6 +853,28 @@ lxcSetBlkioTune(virDomainDefPtr def, virConfPtr properties)
return 0;
}
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+ virConfValuePtr value;
+ char **toDrop = NULL;
+ const char *capString;
+ size_t i;
+
+ if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str)
+ toDrop = virStringSplit(value->str, " ", 0);
+
+ for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+ capString = virDomainCapsFeatureTypeToString(i);
+ if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+ }
+
+ def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW;
+
+ virStringFreeList(toDrop);
+}
+
virDomainDefPtr
lxcParseConfigString(const char *config)
{
@@ -950,6 +972,9 @@ lxcParseConfigString(const char *config)
if (lxcSetBlkioTune(vmdef, properties) < 0)
goto error;
+ /* lxc.cap.drop */
+ lxcSetCapDrop(vmdef, properties);
+
goto cleanup;
error:
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
index 36b8e52f28..c9c046969a 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
@@ -25,6 +25,8 @@
+
+
destroy
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
index 932ab6168e..e7863fa13f 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
@@ -13,6 +13,8 @@
+
+
destroy
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
index 1bab1c65ac..50c5358abe 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
@@ -15,6 +15,8 @@
+
+
destroy
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
index 050ccd6f72..80a83ff78a 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
@@ -14,6 +14,8 @@
+
+
destroy
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
index 996c0f7496..3105b8cefc 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
@@ -8,6 +8,10 @@
exe
/sbin/init
+
+
+
+
destroy
restart
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
index b7c919e7a0..7df1ef0e98 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
@@ -15,6 +15,8 @@
+
+
destroy
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
index 6d9e16de45..e002b99a66 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
@@ -8,6 +8,10 @@
exe
/sbin/init
+
+
+
+
destroy
restart
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
index 101324ad1c..dc9d6350f5 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
@@ -10,6 +10,8 @@
+
+
destroy
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
index 5fe1b03b37..cfaceb520d 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
@@ -8,6 +8,10 @@
exe
/sbin/init
+
+
+
+
destroy
restart
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
index dabb76ee5e..10428ec615 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
@@ -8,6 +8,14 @@
exe
/sbin/init
+
+
+
+
+
+
+
+
destroy
restart
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
index 45348ed159..712be3e1ec 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
@@ -8,6 +8,10 @@
exe
/sbin/init
+
+
+
+
destroy
restart