Index: /trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp
===================================================================
--- /trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp	(revision 16047)
+++ /trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp	(revision 16048)
@@ -133,4 +133,7 @@
 /** The real GID at startup. */
 static gid_t g_gid;
+# ifdef RT_OS_LINUX
+static __u32 g_uCaps;
+# endif
 #endif
 
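Review bot: The new `g_uCaps` lacks the `/** ... */` doc comment its neighbour `g_gid` carries, and nothing at the declaration says what the mask means or who owns it. Suggest `/** Linux capability mask kept across the root drop; built from VBOX_HARD_CAP_* by supR3GrabOptions(), consumed by the capset() calls. */` above the declaration. Using the kernel's `__u32` rather than `uint32_t` is presumably deliberate to match the `cap_user_data_t` fields it is assigned to; a short remark to that effect would stop the next reader from "fixing" it.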
@@ -608,16 +611,20 @@
      */
 #  ifdef USE_LIB_PCAP
+    /* XXX cap_net_bind_service */
     if (!cap_set_proc(cap_from_text("all-eip cap_net_raw+ep")))
         prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
 #  else
-    cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
-    cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
-    memset(hdr, 0, sizeof(*hdr));
-    hdr->version = _LINUX_CAPABILITY_VERSION;
-    memset(cap, 0, sizeof(*cap));
-    cap->effective = CAP_TO_MASK(CAP_NET_RAW);
-    cap->permitted = CAP_TO_MASK(CAP_NET_RAW);
-    if (!capset(hdr, cap))
-        prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
+    if (g_uCaps != 0)
+    {
+        cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
+        cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
+        memset(hdr, 0, sizeof(*hdr));
+        hdr->version = _LINUX_CAPABILITY_VERSION;
+        memset(cap, 0, sizeof(*cap));
+        cap->effective = g_uCaps;
+        cap->permitted = g_uCaps;
+        if (!capset(hdr, cap))
+            prctl(PR_SET_KEEPCAPS, /*keep=*/1, 0, 0, 0);
+    }
 #  endif
 
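Review bot: The `USE_LIB_PCAP` branch still hard-codes `all-eip cap_net_raw+ep` and never looks at `g_uCaps`, so in that build `VBOX_HARD_CAP_NET_RAW=0` has no effect and `VBOX_HARD_CAP_NET_BIND_SERVICE=1` is silently ignored; the `XXX` comment covers only the second half of that. At minimum wrap the `cap_set_proc` call in the same `if (g_uCaps != 0)` guard used in the `#  else` branch, and derive the text from the mask (append `cap_net_bind_service+ep` when `CAP_TO_MASK(CAP_NET_BIND_SERVICE)` is set) so both builds honour the same environment contract. The same divergence exists at the second `cap_set_proc` site in the hunk at `@@ -725`. Note that in this branch a failing `capset` leaves `PR_SET_KEEPCAPS` unset, so the capabilities are lost on the later uid change — that is fail-closed and worth a one-line comment. The enclosing function starts and ends outside this hunk.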
@@ -655,4 +662,36 @@
 }
 
+/*
+ * Look at the environment for some special options.
+ */
+static void supR3GrabOptions(void)
+{
+    const char *pszOpt;
+
+# ifdef RT_OS_LINUX
+    g_uCaps = 0;
+
+    /*
+     * CAP_NET_RAW.
+     * Default: enabled.
+     * Can be disabled with 'export VBOX_HARD_CAP_NET_RAW=0'.
+     */
+    pszOpt = getenv("VBOX_HARD_CAP_NET_RAW");
+    if (   !pszOpt
+        || memcmp(pszOpt, "0", sizeof("0")) != 0)
+        g_uCaps = CAP_TO_MASK(CAP_NET_RAW);
+
+    /*
+     * CAP_NET_BIND_SERVICE.
+     * Default: disabled.
+     * Can be enabled with 'export VBOX_HARD_CAP_NET_BIND_SERVICE=1'.
+     */
+    pszOpt = getenv("VBOX_HARD_CAP_NET_BIND_SERVICE");
+    if (   pszOpt
+        && memcmp(pszOpt, "0", sizeof("0")) != 0)
+        g_uCaps |= CAP_TO_MASK(CAP_NET_BIND_SERVICE);
+# endif
+}
+
 /**
  * Drop any root privileges we might be holding.
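Review bot: `memcmp(pszOpt, "0", sizeof("0"))` compares two bytes, so when the variable is set to the empty string the second byte read lies past the string's terminator; `strcmp(pszOpt, "0") != 0` states the intent without the over-read, at both comparisons. `pszOpt` is declared outside the `# ifdef RT_OS_LINUX` but only used inside it, which leaves an unused-variable warning on every other platform — move the declaration under the `# ifdef`. Since this runs inside the process that later drops root (see the header below), the invoking user's environment decides which capabilities survive the drop; the mask can only ever contain the two named bits, but the function header should say so and use the file's `/** ... */` form, e.g. `/** Reads the VBOX_HARD_CAP_* options from the (untrusted) environment; only ever adds CAP_NET_RAW and CAP_NET_BIND_SERVICE to g_uCaps. */`.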
@@ -725,15 +764,19 @@
 #  ifdef USE_LIB_PCAP
     /** @todo Warn if that does not work? */
+    /* XXX cap_net_bind_service */
     cap_set_proc(cap_from_text("cap_net_raw+ep"));
 #  else
-    cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
-    cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
-    memset(hdr, 0, sizeof(*hdr));
-    hdr->version = _LINUX_CAPABILITY_VERSION;
-    memset(cap, 0, sizeof(*cap));
-    cap->effective = CAP_TO_MASK(CAP_NET_RAW);
-    cap->permitted = CAP_TO_MASK(CAP_NET_RAW);
-    /** @todo Warn if that does not work? */
-    capset(hdr, cap);
+    if (g_uCaps != 0)
+    {
+        cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
+        cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
+        memset(hdr, 0, sizeof(*hdr));
+        hdr->version = _LINUX_CAPABILITY_VERSION;
+        memset(cap, 0, sizeof(*cap));
+        cap->effective = g_uCaps;
+        cap->permitted = g_uCaps;
+        /** @todo Warn if that does not work? */
+        capset(hdr, cap);
+    }
 #  endif
 # endif
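Review bot: The nine-line capset block in the `#  else` branch is duplicated verbatim from the hunk at `@@ -608`, differing only in what is done with the result (`prctl` there, ignored here under the `@todo`); a small `static` helper that builds the header/data pair and returns the `capset` result removes the duplication and gives both sites one place to add the warning the `@todo` asks for. The hedged assumption is that nothing else in the file needs the alloca'd structures after the call, which the two sites as shown support. The enclosing function starts and ends outside this hunk.

```c
/**
 * Sets the effective and permitted capability sets of the calling thread
 * to uCaps, leaving the inheritable set empty.
 *
 * @returns The capset() result: 0 on success, -1 with errno set on failure.
 * @param   uCaps   Capability mask as built by supR3GrabOptions().
 */
static int supR3HardenedSetLinuxCaps(__u32 uCaps)
{
    cap_user_header_t hdr = (cap_user_header_t)alloca(sizeof(*hdr));
    cap_user_data_t   cap = (cap_user_data_t)alloca(sizeof(*cap));
    memset(hdr, 0, sizeof(*hdr));
    hdr->version = _LINUX_CAPABILITY_VERSION;
    memset(cap, 0, sizeof(*cap));
    cap->effective = uCaps;
    cap->permitted = uCaps;
    return capset(hdr, cap);
}

/* … unchanged: USE_LIB_PCAP branch … */
    if (g_uCaps != 0)
    {
        /** @todo Warn if that does not work? */
        supR3HardenedSetLinuxCaps(g_uCaps);
    }
```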
@@ -953,5 +996,11 @@
      */
     supR3HardenedGetFullExePath();
+
 # endif
+
+    /*
+     * Grab any options from the environment.
+     */
+    supR3GrabOptions();
 
     /*
