diff --git a/conf/container.conf b/conf/container.conf
index 2acd587..56301e0 100644
--- a/conf/container.conf
+++ b/conf/container.conf
@@ -41,6 +41,8 @@ lxc.cgroup.memory.limit_in_bytes = %CONTAINER_MEMORY%M
 # lxc.cgroup.cpu.cfs_quota_us  : quota time of this process
 lxc.cgroup.cpu.cfs_quota_us = %CONTAINER_CPU%
 
+lxc.cap.drop = sys_admin net_admin mac_admin mac_override sys_time sys_module
+
 lxc.mount.entry = %FS_PREFIX%/global/users/%USERNAME%/data %ROOTFS%/root/nfs none bind,rw,create=dir 0 0
 lxc.mount.entry = %FS_PREFIX%/global/users/%USERNAME%/hosts/%CLUSTERID%.hosts %ROOTFS%/etc/hosts none bind,ro,create=file 0 0
 lxc.mount.entry = %FS_PREFIX%/global/users/%USERNAME%/ssh %ROOTFS%/root/.ssh none bind,ro,create=dir 0 0