diff --git a/SOURCES/iputils-20121221-caps.patch b/SOURCES/iputils-20121221-caps.patch
new file mode 100644
index 0000000..f46883b
--- /dev/null
+++ b/SOURCES/iputils-20121221-caps.patch
@@ -0,0 +1,67 @@
+diff -rup iputils-s20121221/clockdiff.c iputils-s20121221-new/clockdiff.c
+--- iputils-s20121221/clockdiff.c 2012-12-21 15:01:07.000000000 +0100
++++ iputils-s20121221-new/clockdiff.c 2015-03-23 10:17:29.190895413 +0100
+@@ -21,6 +21,7 @@
+ #include
+ #include
+ #ifdef CAPABILITIES
++#include
+ #include
+ #endif
+
+@@ -534,12 +535,51 @@ usage() {
+
+ void drop_rights(void) {
+ #ifdef CAPABILITIES
+- cap_t caps = cap_init();
+- if (cap_set_proc(caps)) {
+- perror("clockdiff: cap_set_proc");
++ cap_t cap_cur_p;
++ cap_t cap_p;
++ cap_value_t cap_raw = CAP_NET_RAW;
++ cap_flag_value_t cap_ok;
++
++ cap_cur_p = cap_get_proc();
++ if (!cap_cur_p) {
++ perror("ping: cap_get_proc");
+ exit(-1);
+ }
+- cap_free(caps);
++
++ cap_p = cap_init();
++ if (!cap_p) {
++ perror("ping: cap_init");
++ exit(-1);
++ }
++
++ cap_ok = CAP_CLEAR;
++ cap_get_flag(cap_cur_p, CAP_NET_RAW, CAP_PERMITTED, &cap_ok);
++
++ if (cap_ok != CAP_CLEAR)
++ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_raw, CAP_SET);
++
++ if (cap_set_proc(cap_p) < 0) {
++ perror("ping: cap_set_proc");
++ exit(-1);
++ }
++
++ if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
++ perror("ping: prctl");
++ exit(-1);
++ }
++
++ if (setuid(getuid()) < 0) {
++ perror("setuid");
++ exit(-1);
++ }
++
++ if (prctl(PR_SET_KEEPCAPS, 0) < 0) {
++ perror("ping: prctl");
++ exit(-1);
++ }
++
++ cap_free(cap_p);
++ cap_free(cap_cur_p);
+ #endif
+ if (setuid(getuid())) {
+ perror("clockdiff: setuid");
diff --git a/SPECS/iputils.spec b/SPECS/iputils.spec
index dd4cdd6..a10326b 100644
--- a/SPECS/iputils.spec
+++ b/SPECS/iputils.spec
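Review bot: drop_rights() in clockdiff.c now leaves CAP_NET_RAW in the permitted set for the remainder of the process, where the removed code installed an empty set, and nothing in this hunk clears it afterwards. If the raw socket is already open when drop_rights() runs (the caller is outside the hunk), the capability should not be kept; otherwise the reason for keeping it deserves a comment at the `cap_set_flag(cap_p, CAP_PERMITTED, ...)` line. The return values of `cap_get_flag()` and `cap_set_flag()` are ignored although every other libcap call here is checked, e.g. `if (cap_get_flag(cap_cur_p, CAP_NET_RAW, CAP_PERMITTED, &cap_ok) < 0) { perror("clockdiff: cap_get_flag"); exit(-1); }`. The new diagnostics are prefixed `ping:` in a clockdiff source file, which will mislead whoever reads the error output. The function's tail lies outside the hunk.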
@@ -3,7 +3,7 @@ Summary: Network monitoring tools including ping Name: iputils Version: 20121221 -Release: 6%{?dist} +Release: 6%{?dist}.1 # some parts are under the original BSD (ping.c) # some are under GPLv2+ (tracepath.c) License: BSD and GPLv2+ @@ -20,6 +20,7 @@ Source6: ninfod.service Patch0: iputils-20020927-rh.patch Patch1: iputils-ifenslave.patch Patch2: iputils-20121221-floodlocale.patch +Patch3: iputils-20121221-caps.patch BuildRequires: docbook-utils perl-SGMLSpm BuildRequires: glibc-kernheaders >= 2.4-8.19 @@ -70,6 +71,7 @@ Queries. %patch0 -p1 -b .rh %patch1 -p1 -b .addr %patch2 -p1 -b .floc +%patch3 -p1 -b .caps %build %ifarch s390 s390x @@ -147,12 +149,12 @@ mv -f RELNOTES.tmp RELNOTES %files %doc RELNOTES README.bonding %{_unitdir}/rdisc.service -%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/clockdiff -%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/arping -%attr(0755,root,root) %caps(cap_net_raw=ep cap_net_admin=ep) %{_bindir}/ping +%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/clockdiff +%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/arping +%attr(0755,root,root) %caps(cap_net_raw=p cap_net_admin=p) %{_bindir}/ping %{_sbindir}/ifenslave %{_sbindir}/rdisc -%attr(0755,root,root) %caps(cap_net_raw=ep cap_net_admin=ep) %{_bindir}/ping6 +%attr(0755,root,root) %caps(cap_net_raw=p cap_net_admin=p) %{_bindir}/ping6 %{_bindir}/tracepath %{_bindir}/tracepath6 %{_sbindir}/ping6 @@ -177,6 +179,9 @@ mv -f RELNOTES.tmp RELNOTES %attr(644,root,root) %{_mandir}/man8/ninfod.8.gz %changelog +* Mon Jun 8 2015 Jan Synáček - 20121221-6.1 +- ping does not work in dkr images (#1228606) + * Fri Jan 24 2014 Daniel Mach - 20121221-6 - Mass rebuild 2014-01-24
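Review bot: With the `e` flag removed from the `%caps(...)` entries in `%files`, none of these binaries starts with its capability in the effective set, so each must raise it itself before opening its raw socket. The only source change in this commit is the clockdiff.c patch, and that patch sets CAP_NET_RAW in the permitted set only; whether clockdiff, arping, ping and ping6 raise it at runtime is not visible here and should be confirmed against the sources. A comment above the entries would record the intent, for example `# permitted-only: the tools raise the capability themselves at runtime (#1228606)`.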