From 816b9d02b969728765d2aa1f975f5e80b9554f63 Mon Sep 17 00:00:00 2001
From: Sapan Bhatia
Date: Tue, 22 Jan 2013 11:03:11 -0500
Subject: [PATCH] Fix bug in dropped capabilities
---
 lxcsu | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lxcsu b/lxcsu
index abc98be..bf69e50 100644
--- a/lxcsu
+++ b/lxcsu
@@ -7,7 +7,7 @@ import sys
 #from optparse import OptionParser
-drop_capabilities='cap_sys_admin,cap_sys_boot,cap_sys_module'.split(',')
+drop_capabilities='cap_sys_admin,cap_sys_boot,cap_sys_module'
 def umount(fs_dir):
 output = os.popen('/bin/umount %s 2>&1'%fs_dir).read()
@@ -117,10 +117,11 @@ if (not umount('/sys/fs/cgroup')):
 pid = os.fork()
-cap_args = map(lambda c:'--drop='+c, drop_capabilities)
-
 if (pid == 0):
+ cap_arg = '--drop='+drop_capabilities
+ exec_args = ['/usr/sbin/capsh',cap_arg,'--','--login']+args[1:]
+
 os.environ['SHELL'] = '/bin/sh'
- os.execv('/usr/sbin/capsh',cap_args+['--','--login']+args[1:])
+ os.execv('/usr/sbin/capsh',exec_args)
 else:
 os.waitpid(pid,0)
--
2.43.0
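Review bot: The new `drop_capabilities` string is a deny-list of three names with no comment on what it is for or why these three are enough. Every capability not listed stays in the shell's bounding set, so unless the container configuration restricts the rest elsewhere (not visible in this hunk), a root shell entered through lxcsu keeps them. I would document the intent next to the assignment, e.g. `# Comma-separated list handed verbatim to capsh --drop=; anything not named here remains available to the shell`. Since the value changed from a list to a string, it is also worth confirming that no other code outside this patch still iterates over it.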
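Review bot: Nothing in the rewritten child branch records why `exec_args` must begin with `/usr/sbin/capsh`, although that appears to be the whole fix. os.execv hands the list over as argv, so in the removed call the first `--drop=` option sat in argv[0] and was presumably never parsed as an option. I would add `# argv[0] must be the program name; capsh only parses options from argv[1] onward` above the `exec_args` line so the regression is not reintroduced. Separately, the parent in the context lines still discards the result of `os.waitpid(pid,0)`, so a capsh failure such as a rejected capability name is invisible to the caller. Consider `_, status = os.waitpid(pid, 0)` followed by `sys.exit(os.WEXITSTATUS(status) if os.WIFEXITED(status) else 1)`; the top-level script starts before this hunk, so check that nothing relies on the current fall-through.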