From b96d304b93b8768f3427cc5495a66fb56e09453c Mon Sep 17 00:00:00 2001
From: Christian Hammerl
Date: Sat, 18 Oct 2014 15:25:07 +0200
Subject: [PATCH] docker: add support to add/drop capabilities
---
 cloud/docker/docker.py | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/cloud/docker/docker.py b/cloud/docker/docker.py
index e77951abf49..6cf7ed1d51e 100644
--- a/cloud/docker/docker.py
+++ b/cloud/docker/docker.py
@@ -292,7 +292,19 @@ options:
 required: false
 default: null
 version_added: "2.0"
-
+ cap_add:
+ description:
+ - Add capabilities for the container. Requires docker-py >= 0.5.0.
+ required: false
+ default: false
+ version_added: "2.0"
+ cap_drop:
+ description:
+ - Drop capabilities for the container. Requires docker-py >= 0.5.0.
+ required: false
+ default: false
+ aliases: []
+ version_added: "2.0"
 author:
 - "Cove Schneider (@cove)"
 - "Joshua Conner (@joshuaconner)"
@@ -551,6 +563,8 @@ class DockerManager(object):
 'log_driver': ((1, 2, 0), '1.18'),
 'host_config': ((0, 7, 0), '1.15'),
 'cpu_set': ((0, 6, 0), '1.14'),
+ 'cap_add': ((0, 5, 0), '1.14'),
+ 'cap_drop': ((0, 5, 0), '1.14'),
 # Clientside only
 'insecure_registry': ((0, 5, 0), '0.0')
 }
@@ -1321,7 +1335,8 @@ class DockerManager(object):
 optionals = {}
 for optional_param in ('dns', 'volumes_from', 'restart_policy',
- 'restart_policy_retry', 'pid', 'extra_hosts', 'log_driver'):
+ 'restart_policy_retry', 'pid', 'extra_hosts', 'log_driver',
+ 'cap_add', 'cap_drop'):
 optionals[optional_param] = self.module.params.get(optional_param)
 if optionals['dns'] is not None:
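Review bot: In the DOCUMENTATION hunk (`@@ -292,7 +292,19 @@`) both new options are documented with `default: false`, but the argument spec added at the end of this patch declares them as `dict(default=None, type='list')`, so the docs should read `default: null` and say that the value is a list of capability names. `aliases: []` appears only under `cap_drop`, which is inconsistent with `cap_add`. Because `cap_add` extends what a container process may do against the host kernel, the description would also benefit from a line such as `- Added capabilities widen the container's privileges; grant only what the workload needs.`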
@@ -1356,6 +1371,14 @@ class DockerManager(object):
 log_config.type = optionals['log_driver']
 params['log_config'] = log_config
+ if optionals['cap_add'] is not None:
+ self.ensure_capability('cap_add')
+ params['cap_add'] = optionals['cap_add']
+
+ if optionals['cap_drop'] is not None:
+ self.ensure_capability('cap_drop')
+ params['cap_drop'] = optionals['cap_drop']
+
 return docker.utils.create_host_config(**params)
 def create_containers(self, count=1):
@@ -1609,6 +1632,8 @@ def main():
 insecure_registry = dict(default=False, type='bool'),
 log_driver = dict(default=None, choices=['json-file', 'none', 'syslog']),
 cpu_set = dict(default=None),
+ cap_add = dict(default=None, type='list'),
+ cap_drop = dict(default=None, type='list'),
 ),
 required_together = (
 ['tls_client_cert', 'tls_client_key'],
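Review bot: The two blocks added before `return docker.utils.create_host_config(**params)` in hunk `@@ -1356,6 +1371,14 @@` only feed `cap_add`/`cap_drop` into the host config, and no hunk in this patch extends whatever logic compares an existing container against the requested parameters. If such a comparison exists elsewhere in `DockerManager` (not visible here), adding `cap_drop` to a playbook as a hardening step would presumably leave an already-running container with its old capability set while the task reports no change; the comparison should then also look at the container's `HostConfig` `CapAdd`/`CapDrop` values. Separately, `is not None` lets an empty list through, so `cap_add: []` still calls `self.ensure_capability('cap_add')` and may fail on an older docker-py although nothing was requested; `if optionals['cap_add']:` (and the same for `cap_drop`) avoids that. The enclosing method starts outside the hunk.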