diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 9a41a4976..05d71b99d 100644
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -179,6 +179,7 @@ lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
 lxc.arch = $arch
+lxc.cap.drop = sys_module mac_override mac_admin
 
 lxc.cgroup.devices.deny = a
 # /dev/null and zero