author Alan Jenkins <alan.christopher.jenkins@gmail.com> 2018-01-18 19:11:11 +0000
committer Yu Watanabe <watanabe.yu+github@gmail.com> 2018-01-19 04:11:11 +0900
commit a30504ed694ef459a11b69b1bc15fdedc170115e
tree 3aeff0995128fd276c3cff773d13c27f2648552a /man/systemd-nspawn.xml
parent 0970be500dea08e0e1484ca3aead1f3ab827c3db
man: systemd-nspawn: fix list of default capabilities (#7925)
* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

the list is now in sync with the one at the top of nspawn.c
Diffstat (limited to 'man/systemd-nspawn.xml')
-rw-r--r-- man/systemd-nspawn.xml 25
1 files changed, 10 insertions, 15 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index ab3c44f37e..633d939384 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -706,22 +706,17 @@
<varlistentry>
<term><option>--capability=</option></term>
- <listitem><para>List one or more additional capabilities to
- grant the container. Takes a comma-separated list of
- capability names, see
+ <listitem><para>List one or more additional capabilities to grant the container.
+ Takes a comma-separated list of capability names, see
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- for more information. Note that the following capabilities
- will be granted in any way: CAP_CHOWN, CAP_DAC_OVERRIDE,
- CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
- CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
- CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
- CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID,
- CAP_SYS_ADMIN, CAP_SYS_CHROOT, CAP_SYS_NICE, CAP_SYS_PTRACE,
- CAP_SYS_TTY_CONFIG, CAP_SYS_RESOURCE, CAP_SYS_BOOT,
- CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. Also CAP_NET_ADMIN is
- retained if <option>--private-network</option> is specified.
- If the special value <literal>all</literal> is passed, all
- capabilities are retained.</para></listitem>
+ for more information. Note that the following capabilities will be granted in any way:
+ CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+ CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
+ CAP_MKNOD, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETFCAP,
+ CAP_SETGID, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
+ CAP_SYS_NICE, CAP_SYS_PTRACE, CAP_SYS_RESOURCE, CAP_SYS_TTY_CONFIG. Also CAP_NET_ADMIN
+ is retained if <option>--private-network</option> is specified. If the special value
+ <literal>all</literal> is passed, all capabilities are retained.</para></listitem>
</varlistentry>
<varlistentry>
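Review bot: In the rewritten paragraph, "will be granted in any way" is carried over unchanged, while the commit subject calls this the list of default capabilities; "are granted by default" would say that directly instead of reading as "always, unconditionally". The list is a hand-kept copy of the one at the top of nspawn.c and had already drifted (CAP_MKNOD was missing), so a short comment beside the list in nspawn.c pointing at this --capability= paragraph would help keep the two in sync the next time a capability is added. The re-wrap and re-sort also bury the one substantive change in the diff; putting the CAP_MKNOD addition in its own commit, separate from the cosmetic reflow, would make the change to a list that includes CAP_SYS_ADMIN and CAP_SYS_PTRACE easier to audit.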