Index: include/asterisk/options.h
===================================================================
--- include/asterisk/options.h	(revision 230993)
+++ include/asterisk/options.h	(working copy)
@@ -90,6 +90,8 @@
 	AST_OPT_FLAG_FORCE_BLACK_BACKGROUND = (1 << 27),
 	/*! Hide remote console connect messages on console */
 	AST_OPT_FLAG_HIDE_CONSOLE_CONNECT = (1 << 28),
+	/*! Don't swap */
+	AST_OPT_FLAG_DONT_SWAP = (1 << 29),
 };
 
 /*! These are the options that set by default when Asterisk starts */
@@ -122,6 +124,7 @@
 #define ast_opt_light_background		ast_test_flag(&ast_options, AST_OPT_FLAG_LIGHT_BACKGROUND)
 #define ast_opt_force_black_background		ast_test_flag(&ast_options, AST_OPT_FLAG_FORCE_BLACK_BACKGROUND)
 #define ast_opt_hide_connect		ast_test_flag(&ast_options, AST_OPT_FLAG_HIDE_CONSOLE_CONNECT)
+#define ast_opt_dont_swap		ast_test_flag(&ast_options, AST_OPT_FLAG_DONT_SWAP)
 
 extern struct ast_flags ast_options;
 
Index: main/app.c
===================================================================
--- main/app.c	(revision 230993)
+++ main/app.c	(working copy)
@@ -2050,7 +2050,7 @@
 	} else {
 		/* Child */
 #ifdef HAVE_CAP
-		cap_t cap = cap_from_text("cap_net_admin-eip");
+		cap_t cap = cap_from_text("cap_net_admin-eip cap_ipc_lock-eip");
 
 		if (cap_set_proc(cap)) {
 			ast_log(LOG_WARNING, "Unable to remove capabilities.\n");
Index: main/asterisk.c
===================================================================
--- main/asterisk.c	(revision 230993)
+++ main/asterisk.c	(working copy)
@@ -1017,7 +1017,7 @@
 
 	if (pid == 0) {
 #ifdef HAVE_CAP
-		cap_t cap = cap_from_text("cap_net_admin-eip");
+		cap_t cap = cap_from_text("cap_net_admin-eip cap_ipc_lock-eip");
 
 		if (cap_set_proc(cap)) {
 			/* Careful with order! Logging cannot happen after we close FDs */
@@ -3141,8 +3141,23 @@
 	if (getenv("HOME")) 
 		snprintf(filename, sizeof(filename), "%s/.asterisk_history", getenv("HOME"));
 	/* Check for options */
-	while ((c = getopt(argc, argv, "mtThfFdvVqprRgciInx:U:G:C:L:M:e:s:WB")) != -1) {
+	while ((c = getopt(argc, argv, "mtThfFdvVqprRgciInSx:U:G:C:L:M:e:s:WB")) != -1) {
 		switch (c) {
+		case 'B': /* Force black background */
+			ast_set_flag(&ast_options, AST_OPT_FLAG_FORCE_BLACK_BACKGROUND);
+			ast_clear_flag(&ast_options, AST_OPT_FLAG_LIGHT_BACKGROUND);
+			break;
+		case 'c':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_CONSOLE);
+			break;
+		case 'C':
+			ast_copy_string(cfg_paths.config_file, optarg, sizeof(cfg_paths.config_file));
+			ast_set_flag(&ast_options, AST_OPT_FLAG_OVERRIDE_CONFIG);
+			break;
+		case 'd':
+			option_debug++;
+			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK);
+			break;
 #if defined(HAVE_SYSINFO)
 		case 'e':
 			if ((sscanf(&optarg[1], "%30ld", &option_minmemfree) != 1) || (option_minmemfree < 0)) {
@@ -3158,88 +3173,76 @@
 			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK);
 			break;
 #endif
-		case 'd':
-			option_debug++;
-			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK);
+		case 'G':
+			rungroup = ast_strdupa(optarg);
 			break;
-		case 'c':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_CONSOLE);
+		case 'g':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_DUMP_CORE);
 			break;
-		case 'n':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_COLOR);
+		case 'h':
+			show_cli_help();
+			exit(0);
+		case 'I':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_INTERNAL_TIMING);
 			break;
-		case 'r':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_REMOTE);
+		case 'i':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_INIT_KEYS);
 			break;
-		case 'R':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_REMOTE | AST_OPT_FLAG_RECONNECT);
+		case 'L':
+			if ((sscanf(optarg, "%30lf", &option_maxload) != 1) || (option_maxload < 0.0))
+				option_maxload = 0.0;
 			break;
-		case 'p':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_HIGH_PRIORITY);
+		case 'M':
+			if ((sscanf(optarg, "%30d", &option_maxcalls) != 1) || (option_maxcalls < 0))
+				option_maxcalls = 0;
 			break;
-		case 'v':
-			option_verbose++;
-			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK);
-			break;
 		case 'm':
 			ast_set_flag(&ast_options, AST_OPT_FLAG_MUTE);
 			break;
-		case 'M':
-			if ((sscanf(optarg, "%30d", &option_maxcalls) != 1) || (option_maxcalls < 0))
-				option_maxcalls = 0;
+		case 'n':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_COLOR);
 			break;
-		case 'L':
-			if ((sscanf(optarg, "%30lf", &option_maxload) != 1) || (option_maxload < 0.0))
-				option_maxload = 0.0;
+		case 'p':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_HIGH_PRIORITY);
 			break;
 		case 'q':
 			ast_set_flag(&ast_options, AST_OPT_FLAG_QUIET);
 			break;
-		case 't':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_CACHE_RECORD_FILES);
+		case 'R':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_REMOTE | AST_OPT_FLAG_RECONNECT);
 			break;
-		case 'T':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_TIMESTAMP);
+		case 'r':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK | AST_OPT_FLAG_REMOTE);
 			break;
-		case 'x':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_EXEC);
-			xarg = ast_strdupa(optarg);
+		case 'S':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_DONT_SWAP);
 			break;
-		case 'C':
-			ast_copy_string(cfg_paths.config_file, optarg, sizeof(cfg_paths.config_file));
-			ast_set_flag(&ast_options, AST_OPT_FLAG_OVERRIDE_CONFIG);
+		case 's':
+			remotesock = ast_strdupa(optarg);
 			break;
-		case 'I':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_INTERNAL_TIMING);
+		case 'T':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_TIMESTAMP);
 			break;
-		case 'i':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_INIT_KEYS);
+		case 't':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_CACHE_RECORD_FILES);
 			break;
-		case 'g':
-			ast_set_flag(&ast_options, AST_OPT_FLAG_DUMP_CORE);
+		case 'U':
+			runuser = ast_strdupa(optarg);
 			break;
-		case 'h':
-			show_cli_help();
-			exit(0);
 		case 'V':
 			show_version();
 			exit(0);
-		case 'U':
-			runuser = ast_strdupa(optarg);
+		case 'v':
+			option_verbose++;
+			ast_set_flag(&ast_options, AST_OPT_FLAG_NO_FORK);
 			break;
-		case 'G':
-			rungroup = ast_strdupa(optarg);
-			break;
-		case 's':
-			remotesock = ast_strdupa(optarg);
-			break;
 		case 'W': /* White background */
 			ast_set_flag(&ast_options, AST_OPT_FLAG_LIGHT_BACKGROUND);
 			ast_clear_flag(&ast_options, AST_OPT_FLAG_FORCE_BLACK_BACKGROUND);
 			break;
-		case 'B': /* Force black background */
-			ast_set_flag(&ast_options, AST_OPT_FLAG_FORCE_BLACK_BACKGROUND);
-			ast_clear_flag(&ast_options, AST_OPT_FLAG_LIGHT_BACKGROUND);
+		case 'x':
+			ast_set_flag(&ast_options, AST_OPT_FLAG_EXEC);
+			xarg = ast_strdupa(optarg);
 			break;
 		case '?':
 			exit(1);
@@ -3368,13 +3371,17 @@
 		if (has_cap) {
 			cap_t cap;
 
-			cap = cap_from_text("cap_net_admin=eip");
+			cap = cap_from_text("cap_net_admin=eip cap_ipc_lock=eip");
 
 			if (cap_set_proc(cap))
 				ast_log(LOG_WARNING, "Unable to install capabilities.\n");
 
 			if (cap_free(cap))
 				ast_log(LOG_WARNING, "Unable to drop capabilities.\n");
+
+			if (ast_opt_dont_swap) {
+				mlockall(MCL_FUTURE);
+			}
 		}
 #endif /* HAVE_CAP */
 	}