diff -urp bluez-4.47.orig/configure.ac bluez-4.47/configure.ac
--- bluez-4.47.orig/configure.ac	2009-08-15 14:21:26.000000000 -0400
+++ bluez-4.47/configure.ac	2009-08-15 14:22:27.000000000 -0400
@@ -45,6 +45,7 @@ AC_PATH_NETLINK
 AC_PATH_SNDFILE
 
 AC_ARG_BLUEZ
+LIBCAP_NG_PATH
 
 AC_OUTPUT([
 	Makefile
diff -urp bluez-4.47.orig/src/main.c bluez-4.47/src/main.c
--- bluez-4.47.orig/src/main.c	2009-08-15 14:21:26.000000000 -0400
+++ bluez-4.47/src/main.c	2009-08-15 14:27:02.000000000 -0400
@@ -55,6 +55,9 @@
 #include "dbus-common.h"
 #include "agent.h"
 #include "manager.h"
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
 
 #define LAST_ADAPTER_EXIT_TIMEOUT 30
 
@@ -343,6 +346,14 @@ int main(int argc, char *argv[])
 	GKeyFile *config;
 
 	init_defaults();
+#ifdef HAVE_LIBCAP_NG
+	/* Drop capabilities */
+	capng_clear(CAPNG_SELECT_BOTH);
+	capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+			CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, CAP_NET_RAW,
+			CAP_IPC_LOCK, -1);
+	capng_apply(CAPNG_SELECT_BOTH);
+#endif
 
 	context = g_option_context_new(NULL);
 	g_option_context_add_main_entries(context, options, NULL);
diff -urp bluez-4.47.orig/src/Makefile.am bluez-4.47/src/Makefile.am
--- bluez-4.47.orig/src/Makefile.am	2009-08-15 14:21:26.000000000 -0400
+++ bluez-4.47/src/Makefile.am	2009-08-15 14:23:35.000000000 -0400
@@ -23,7 +23,8 @@ bluetoothd_SOURCES = main.c security.c h
 
 bluetoothd_LDADD = $(top_builddir)/common/libhelper.a \
 			$(top_builddir)/plugins/libbuiltin.la \
-			@GDBUS_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @BLUEZ_LIBS@ -ldl
+			@GDBUS_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ @BLUEZ_LIBS@ \
+			@CAPNG_LDADD@ -ldl
 
 bluetoothd_LDFLAGS = -Wl,--export-dynamic