Keep cap_net_admin for configuring networking inside a slice

diff --combined lxcsu
index f794b88,eceea86..eae5225
--- 1/lxcsu
--- 2/lxcsu
+++ b/lxcsu
@@@ -7,7 -7,7 +7,7 @@@ import sy
  
  #from optparse import OptionParser
  
- drop_capabilities='cap_sys_admin,cap_net_admin,cap_sys_boot,cap_sys_module'.split(',')
+ drop_capabilities='cap_sys_admin,cap_sys_boot,cap_sys_module'.split(',')
  
  """
  parser = OptionParser()
@@@ -60,29 -60,6 +60,29 @@@ if (not slice_spec or not pid)
      print "Not started: %s"%slice_name
      exit(1)
  
 +# Enter cgroups
 +try:
 +    for subsystem in ['cpuset','memory','blkio']:
 +        open('/sys/fs/cgroup/%s/libvirt/lxc/%s/tasks'%(subsystem,slice_name),'w').write(str(os.getpid()))
 +
 +except:
 +    print "Error assigning resources: %s"%slice_name
 +    exit(1)
 +
 +# If the slice is frozen, then we'll get an EBUSY when trying to write to the task
 +# list for the freezer cgroup. Since the user couldn't do anything anyway, it's best
 +# in this case to error out the shell. (an alternative would be to un-freeze it,
 +# add the task, and re-freeze it)
 +try:
 +    f=open('/sys/fs/cgroup/freezer/libvirt/lxc/%s/tasks'%(slice_name),'w')
 +    f.write(str(os.getpid()))
 +    # note: we need to call f.close() explicitly, or we'll get an exception in
 +    # the object destructor, which will not be caught
 +    f.close()
 +except:
 +    print "Error adding task to freezer cgroup. Slice is probably frozen: %s" % slice_name
 +    exit(1)
 +
  r1 = setns.chcontext('/proc/%s/ns/utc'%pid)
  r2 = setns.chcontext('/proc/%s/ns/ipc'%pid)
  path = '/proc/%s/ns/net'%pid
@@@ -91,8 -68,6 +91,8 @@@ r3 = setns.chcontext(path
  open('/proc/lxcsu','w').write(pid)
  open('/proc/pidsu','w').write(pid)
  
 +
 +
  pid = os.fork()
  
  cap_args = map(lambda c:'--drop='+c, drop_capabilities)