From 57c2b7c266d92685ebd27519e6901e76ad976370 Mon Sep 17 00:00:00 2001
From: Paul Weil
Date: Mon, 25 Apr 2016 14:44:46 -0400
Subject: [PATCH] do not force drop KILL cap on anyuid SCC
---
 pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go b/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
index a2ec514967cd..8f052e35ecef 100644
--- a/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
+++ b/pkg/cmd/server/bootstrappolicy/securitycontextconstraints.go
@@ -229,7 +229,7 @@ func GetBootstrapSecurityContextConstraints(sccNameToAdditionalGroups map[string
 // prefer the anyuid SCC over ones that force a uid
 Priority: &securityContextConstraintsAnyUIDPriority,
 // drops unsafe caps
- RequiredDropCapabilities: []kapi.Capability{"KILL", "MKNOD", "SYS_CHROOT"},
+ RequiredDropCapabilities: []kapi.Capability{"MKNOD", "SYS_CHROOT"},
 },
 // SecurityContextConstraintsHostNetwork allows host network and host ports
 {
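Review bot: The `// drops unsafe caps` comment above `RequiredDropCapabilities` no longer explains the list: KILL was treated as unsafe until this change and is now kept, while MKNOD and SYS_CHROOT are still dropped, so a reader auditing the anyuid SCC cannot tell whether the omission is deliberate. Because anyuid lets a pod choose its UID and CAP_KILL bypasses the kernel's UID check when sending signals, the retained capability is worth stating together with its reason, e.g. `// drops unsafe caps; KILL is intentionally retained for anyuid: <reason / issue reference>`. How far such signals reach depends on the PID-namespace settings of this SCC, which are outside the hunk, as are the start and end of GetBootstrapSecurityContextConstraints. A unit test pinning the anyuid drop list would keep later edits to it visible in review.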