From 070362da39cc061100a89d87a0b9dc118ca6e906 Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Fri, 27 May 2016 11:22:40 -0700
Subject: [PATCH] contrib/dnsmasq: Add CAP_NET_RAW, CAP_SETUID, CAP_SETGUID

* Allow dnsmasq to be run as a daemon (without -d flag)
* Bump coreos.com/dnsmasq to v0.3.0
---
 contrib/dnsmasq/build-aci | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/dnsmasq/build-aci b/contrib/dnsmasq/build-aci
index bc83e520..685ad608 100755
--- a/contrib/dnsmasq/build-aci
+++ b/contrib/dnsmasq/build-aci
@@ -16,7 +16,7 @@ trap "{ export EXT=$?; acbuild --debug end && exit $EXT; }" EXIT
 acbuild --debug set-name coreos.com/dnsmasq
 
 # Add a version label
-acbuild --debug label add version v0.2.0
+acbuild --debug label add version v0.3.0
 
 # Add alpine base dependency
 acbuild --debug dep add quay.io/coreos/alpine-sh
@@ -33,7 +33,7 @@ acbuild --debug port add dhcp udp 67
 acbuild --debug port add dns udp 53
 
 # Elevate network admin capabilities
-echo "{\"set\": [\"CAP_NET_ADMIN\", \"CAP_NET_BIND_SERVICE\"]}" | acbuild --debug isolator add os/linux/capabilities-retain-set -
+echo "{\"set\": [\"CAP_NET_ADMIN\", \"CAP_NET_BIND_SERVICE\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_NET_RAW\"]}" | acbuild --debug isolator add os/linux/capabilities-retain-set -
 
 # Set the exec command
 acbuild --debug set-exec -- /usr/sbin/dnsmasq -d