summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2012-06-28 13:44:39 +0200
committerLennart Poettering <lennart@poettering.net>2012-06-28 14:05:16 +0200
commit5076f0ccfd36b67512d44fe355b80305ced7dcba (patch)
tree168b0d3a496aafb25da05e020a36e2cda7076354 /man
parent6c242857b2f55e67a3adc06f9999d305613f614f (diff)
nspawn: introduce new --capabilities= flag and make use of it in the nspawn test case
Diffstat (limited to 'man')
-rw-r--r--man/systemd-nspawn.xml24
1 files changed, 24 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index a926a7e5d3..76e291881c 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -206,6 +206,30 @@
container.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--capability=</option></term>
+
+ <listitem><para>List one or more
+ additional capabilities to grant the
+ container. Takes a comma separated
+ list of capability names, see
+ <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for more information. Note that the
+ the following capabilities will be
+ granted in any way: CAP_CHOWN,
+ CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+ CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
+ CAP_KILL, CAP_LEASE,
+ CAP_LINUX_IMMUTABLE,
+ CAP_NET_BIND_SERVICE,
+ CAP_NET_BROADCAST, CAP_NET_RAW,
+ CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP,
+ CAP_SETUID, CAP_SYS_ADMIN,
+ CAP_SYS_CHROOT, CAP_SYS_NICE,
+ CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
+ CAP_SYS_RESOURCE.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>