diff --git a/smartmontools-5.38-lowcap.patch b/smartmontools-5.38-lowcap.patch
new file mode 100644
index 0000000..088353f
--- /dev/null
+++ b/smartmontools-5.38-lowcap.patch
@@ -0,0 +1,53 @@
+diff -urp smartmontools-5.38.orig/configure.in smartmontools-5.38/configure.in
+--- smartmontools-5.38.orig/configure.in	2009-08-16 07:42:57.000000000 -0400
++++ smartmontools-5.38/configure.in	2009-08-16 08:07:53.000000000 -0400
+@@ -143,6 +143,8 @@ if test "$with_selinux" = "yes"; then
+ 	AC_DEFINE(WITH_SELINUX, [1], [Define to 1 if SELinux support is enabled])
+ fi
+ 
++LIBCAP_NG_PATH
++
+ if test "$prefix" = "NONE"; then
+     dnl no prefix and no mandir, so use ${prefix}/share/man as default
+     if test "$mandir" = '${prefix}/man'; then
+diff -urp smartmontools-5.38.orig/Makefile.am smartmontools-5.38/Makefile.am
+--- smartmontools-5.38.orig/Makefile.am	2009-08-16 07:42:57.000000000 -0400
++++ smartmontools-5.38/Makefile.am	2009-08-16 08:07:53.000000000 -0400
+@@ -35,7 +35,7 @@ smartd_SOURCES =  smartd.cpp      \
+                   utility.cpp     \
+                   utility.h
+ 
+-smartd_LDADD = @os_deps@ @os_libs@
++smartd_LDADD = @os_deps@ @os_libs@ @CAPNG_LDADD@
+ smartd_DEPENDENCIES = @os_deps@
+ 
+ EXTRA_smartd_SOURCES = os_darwin.cpp    \
+diff -urp smartmontools-5.38.orig/smartd.cpp smartmontools-5.38/smartd.cpp
+--- smartmontools-5.38.orig/smartd.cpp	2009-08-16 07:42:57.000000000 -0400
++++ smartmontools-5.38/smartd.cpp	2009-08-16 08:08:27.000000000 -0400
+@@ -74,6 +74,10 @@ extern "C" int __stdcall FreeConsole(voi
+ #include <io.h> // setmode()
+ #endif // __CYGWIN__
+ 
++#ifdef HAVE_LIBCAP_NG
++#include <cap-ng.h>
++#endif //LIBCAP_NG
++
+ // locally included files
+ #include "int64.h"
+ #include "atacmds.h"
+@@ -4408,6 +4412,14 @@ static int smartd_main(int argc, char **
+   
+   // don't exit on bad checksums
+   con->checksumfail=0;
++
++#ifdef HAVE_LIBCAP_NG
++  // Drop capabilities
++  capng_clear(CAPNG_SELECT_BOTH);
++  capng_update(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE|CAPNG_PERMITTED),
++               CAP_SYS_ADMIN);
++  capng_apply(CAPNG_SELECT_BOTH);
++#endif
+   
+   // the main loop of the code
+   while (1){
diff --git a/smartmontools.spec b/smartmontools.spec
index 3f42f91..a5ff383 100644
--- a/smartmontools.spec
+++ b/smartmontools.spec
@@ -1,7 +1,7 @@
 Summary:	Tools for monitoring SMART capable hard disks
 Name:		smartmontools
 Version:	5.38
-Release: 	13%{?dist}
+Release: 	14%{?dist}
 Epoch:		1
 Group:		System Environment/Base
 License:	GPLv2+
@@ -14,6 +14,7 @@ Patch2:     smartmontools-5.37-addrinfo.patch
 Patch3:     smartmontools-5.38-perc.patch
 Patch4:     smartmontools-5.38-selinux.patch
 Patch5:     smartmontools-5.38-defaultconf.patch
+Patch6:     smartmontools-5.38-lowcap.patch
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires:	fileutils mailx chkconfig initscripts
 BuildRequires: readline-devel ncurses-devel /usr/bin/aclocal util-linux groff gettext
@@ -34,6 +35,7 @@ failure.
 %patch3 -p1 -b .perc
 %patch4 -p1 -b .selinux
 %patch5 -p1 -b .defaultconf
+%patch6 -p1 -b .lowcap
 
 %build
 %configure --with-selinux
@@ -75,6 +77,9 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/smartmontools
 
 %changelog
+* Fri Aug 21 2009 Michal Hlavinka <mhlavink@redhat.com> - 1:5.38-14
+- drop all unnecessary capabilities (#517728)
+
 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:5.38-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild