From 1a6454d2425a54dd7d43e41d1d879a918bf4c3a6 Mon Sep 17 00:00:00 2001
From: Mahmood Ali
Date: Fri, 24 May 2019 14:03:26 -0400
Subject: [PATCH] special case root capabilities

---
 drivers/shared/executor/executor_linux.go | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/drivers/shared/executor/executor_linux.go b/drivers/shared/executor/executor_linux.go
index cf0aa8df870..14a406aae45 100644
--- a/drivers/shared/executor/executor_linux.go
+++ b/drivers/shared/executor/executor_linux.go
@@ -553,12 +553,20 @@ func configureCapabilities(cfg *lconfigs.Config, command *ExecCommand) error {
 // TODO: allow better control of these
 // use capabilities list as prior to adopting libcontainer in 0.9
 allCaps := supportedCaps()
- cfg.Capabilities = &lconfigs.Capabilities{
- Bounding: allCaps,
- Permitted: nil,
- Inheritable: nil,
- Ambient: nil,
- Effective: nil,
+
+ // match capabilities used in Nomad 0.8
+ if command.User == "root" {
+ cfg.Capabilities = &lconfigs.Capabilities{
+ Bounding: allCaps,
+ Permitted: allCaps,
+ Effective: allCaps,
+ Ambient: nil,
+ Inheritable: nil,
+ }
+ } else {
+ cfg.Capabilities = &lconfigs.Capabilities{
+ Bounding: allCaps,
+ }
 }
 
 return nil
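Review bot: The `command.User == "root"` test in the new branch compares the configured user string rather than a resolved uid, so a task whose user is written as `"0"`, or as another account name that maps to uid 0, would take the `else` branch and get a different capability set than `root` does; if the intent is that uid 0 gets the 0.8 behaviour, the decision belongs after the user lookup. Both branches keep `Bounding: allCaps`, and `supportedCaps()` is defined outside this hunk, so presumably a non-root task can still gain any supported capability through a setuid or file-capability binary unless no-new-privileges is set elsewhere; that is worth confirming. I would also have the comment state the consequence, for example `// root tasks keep the full supported set as Permitted/Effective (Nomad 0.8 behaviour); isolation then rests on namespaces/chroot, not capabilities`. configureCapabilities starts above the hunk and its closing brace is below it.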