[docker-io] setfcap removed from template 0.6.3-2

Lokesh Mandvekar lsm5 at fedoraproject.org
Wed Oct 2 20:52:48 UTC 2013


commit 407a9cc955bb35400933a4e7bb42d8a47e0bffbe
Author: Lokesh Mandvekar <lsm5 at redhat.com>
Date:   Wed Oct 2 15:52:35 2013 -0500

    setfcap removed from template 0.6.3-2
    
    Signed-off-by: Lokesh Mandvekar <lsm5 at redhat.com>

 docker-0.6.3-remove-setfcap-from-template.patch |   26 +++++++++++++++++++++++
 docker-io.spec                                  |    8 ++++++-
 2 files changed, 33 insertions(+), 1 deletions(-)
---
diff --git a/docker-0.6.3-remove-setfcap-from-template.patch b/docker-0.6.3-remove-setfcap-from-template.patch
new file mode 100644
index 0000000..a2883b0
--- /dev/null
+++ b/docker-0.6.3-remove-setfcap-from-template.patch
@@ -0,0 +1,26 @@
+From 72c019628997def293d66d304595d03952eac2a8 Mon Sep 17 00:00:00 2001
+From: Marek Goldmann <marek.goldmann at gmail.com>
+Date: Fri, 27 Sep 2013 18:39:36 +0200
+Subject: [PATCH] Remove setfcap from lxc.cap.drop to make setxattr() calls
+ working in the containers
+
+---
+ lxc_template.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lxc_template.go b/lxc_template.go
+index b34ff85..0e2dfaf 100644
+--- a/lxc_template.go
++++ b/lxc_template.go
+@@ -111,7 +111,7 @@ lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,{{ if ind
+ #  (Note: 'lxc.cap.keep' is coming soon and should replace this under the
+ #         security principle 'deny all unless explicitly permitted', see
+ #         http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
+-lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setfcap setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
++lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
+ {{end}}
+ 
+ # limits
+-- 
+1.8.3.1
+
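Review bot: The rewritten `lxc.cap.drop` line in lxc_template.go stops dropping `setfcap`, but the comment block directly above it is left unchanged and nothing in the template records why this capability is now kept. CAP_SETFCAP lets a process inside the container set file capabilities on files, so this widens what every container rendered from this branch of the template can do. Add a one-line comment next to the list giving the reason (setxattr() calls failing in containers) and the bug reference, so the capability gets reviewed again when the list is converted to the `lxc.cap.keep` form that the existing comment anticipates.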
diff --git a/docker-io.spec b/docker-io.spec
index 2c34814..f40b439 100644
--- a/docker-io.spec
+++ b/docker-io.spec
@@ -4,12 +4,13 @@
 
 Name:           docker-io
 Version:        0.6.3
-Release:        1.devicemapper%{?dist}
+Release:        2.devicemapper%{?dist}
 Summary:        Automates deployment of containerized applications
 License:        ASL 2.0
 
 Patch0:         docker-%{version}-alexl-devmapper.patch
 Patch1:         docker-%{version}-remove-dotcloud-tar.patch
+Patch2:         docker-%{version}-remove-setfcap-from-template.patch
 URL:            http://www.docker.io
 Source0:        https://github.com/dotcloud/docker/archive/v%{version}.tar.gz
 Source1:        docker.service
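Review bot: The `Patch2:` line is added with no comment on where the patch comes from or whether it has gone upstream. Put a comment above it naming the bug it addresses (the changelog in this same commit cites RHBZ#1012952) and its upstream status, so the patch can be dropped with confidence on the next version bump.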
@@ -38,6 +39,7 @@ servers, OpenStack clusters, public instances, or combinations of the above.
 %setup -q -n docker-%{version}
 %patch0 -p1 -b docker-%{version}-alexl-devmapper.patch
 %patch1 -p1 -b docker-%{version}-remove-dotcloud-tar.patch
+%patch2 -p1 -b docker-%{version}-remove-setfcap-from-template.patch
 
 %build
 mkdir _build
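Review bot: On the `%patch2` line, the argument to `-b` is the backup suffix, and here it is the entire patch file name, so the saved original ends up as lxc_template.go with docker-0.6.3-remove-setfcap-from-template.patch appended directly to it. This follows the two existing `%patch` lines, but a short dotted suffix such as `.setfcap` would give readable backup names and make it easier to diff the patched tree during later rebases.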
@@ -93,6 +95,10 @@ exit 0
 %dir %{_sharedstatedir}/docker
 
 %changelog
+* Fri Sep 27 2013 Marek Goldmann <mgoldman at redhat.com> - 0.6.3-2.devicemapper
+- Remove setfcap from lxc.cap.drop to make setxattr() calls working in the
+  containers, RHBZ#1012952
+
 * Thu Sep 26 2013 Lokesh Mandvekar <lsm5 at redhat.com> 0.6.3-1.devicemapper
 - version bump
 - new version solves docker push issues
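Review bot: The new `%changelog` header writes the release as `- 0.6.3-2.devicemapper` with a dash separator, while the existing entry below it has `<lsm5 at redhat.com> 0.6.3-1.devicemapper` without one; use one form for both. The entry is also dated Fri Sep 27 2013 although this commit is dated Oct 2 2013, so confirm the changelog date is meant to be the patch authoring date and not the date the release was packaged.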

