diff --git a/dhcp-4.2.2-capability.patch b/dhcp-4.2.2-capability.patch
index 1f31e17..79af036 100644
--- a/dhcp-4.2.2-capability.patch
+++ b/dhcp-4.2.2-capability.patch
@@ -283,7 +283,7 @@ diff -up dhcp-4.2.2b1/server/dhcpd.c.capability dhcp-4.2.2b1/server/dhcpd.c
 +	if (!keep_capabilities) {
 +		capng_clear(CAPNG_SELECT_BOTH);
 +		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1);
++				CAP_NET_RAW, CAP_NET_BIND_SERVICE, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, -1);
 +		capng_apply(CAPNG_SELECT_BOTH);
 +		log_info ("Dropped all unnecessary capabilities.");
 +	}
diff --git a/dhcp.spec b/dhcp.spec
index f14e905..b3ded11 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.2
-Release:  0.2.%{prever}%{?dist}
+Release:  0.3.%{prever}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -644,6 +644,9 @@ fi
 %{_initddir}/dhcrelay
 
 %changelog
+* Mon Jul 25 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.2-0.3.rc1
+- Improve capabilities patch to be able to run with PARANOIA & EARLY_CHROOT (#699713)
+
 * Mon Jul 18 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.2-0.2.rc1
 - 4.2.2rc1