From 4cfb71eafc147e3da33d8bffba68500fdd9499d5 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Fri, 15 Jul 2016 15:25:40 +0100
Subject: [PATCH] remove unnecessary capabilities from nginx example

Signed-off-by: Justin Cormack
---
 docs/containerd.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/containerd.md b/docs/containerd.md
index e73566c81..6a9e0a835 100644
--- a/docs/containerd.md
+++ b/docs/containerd.md
@@ -11,7 +11,7 @@ NAME=nginx
 VERSION=latest
 docker pull ${NAME}:${VERSION}
-CONTAINER=$(docker create --net=host --security-opt apparmor=unconfined --oom-score-adj=-500 -v /var/log/nginx:/var/log/nginx -v /var/cache/nginx:/var/cache/nginx -v /var/run:/var/run ${NAME}:${VERSION})
+CONTAINER=$(docker create --net=host --security-opt apparmor=unconfined --cap-drop all --cap-add net_bind_service --oom-score-adj=-500 -v /var/log/nginx:/var/log/nginx -v /var/cache/nginx:/var/cache/nginx -v /var/run:/var/run ${NAME}:${VERSION})
 docker run -v ${PWD}:/conf -v /var/run/docker.sock:/var/run/docker.sock --rm jess/riddler -f -bundle /conf ${CONTAINER}
 rm -rf rootfs && mkdir rootfs
 docker export ${CONTAINER} | tar -C rootfs -xf -
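Review bot: On the new `docker create` line, `--cap-drop all --cap-add net_bind_service` may be too narrow for the stock nginx image. If the master starts as root and then switches its workers to an unprivileged user, or chowns its cache directories under the bind-mounted `/var/cache/nginx`, it would presumably also need `--cap-add chown --cap-add setgid --cap-add setuid`, so the example should be checked to actually start from the generated bundle. The same line still carries `--security-opt apparmor=unconfined` and `--net=host`, which give back much of the confinement the capability drop is after. The doc should say in one sentence why each is required, or drop them, so the snippet is not copied as a hardened baseline. Because the context above sets `VERSION=latest`, the capability set the image needs can also change between pulls; pinning a specific tag would keep the documented flags valid.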