-rw-r--r-- | man/systemd-nspawn.xml | 8 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index db2d417e49..2939951a88 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -227,8 +227,8 @@
 list of capability names, see <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> for more information. Note that the
- following capabilities will be
- granted in any way: CAP_CHOWN,
+ following capabilities will be granted
+ in any way: CAP_CHOWN,
 CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE,
@@ -239,7 +239,9 @@
 CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_CHROOT, CAP_SYS_NICE, CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
- CAP_SYS_RESOURCE, CAP_SYS_BOOT.</para></listitem>
+ CAP_SYS_RESOURCE, CAP_SYS_BOOT,
+ CAP_AUDIT_WRITE,
+ CAP_AUDIT_CONTROL.</para></listitem>
 </varlistentry>
 <varlistentry>
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 98b583d747..62dc20d824 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -96,7 +96,9 @@ static uint64_t arg_retain =
 (1ULL << CAP_SYS_PTRACE) |
 (1ULL << CAP_SYS_TTY_CONFIG) |
 (1ULL << CAP_SYS_RESOURCE) |
- (1ULL << CAP_SYS_BOOT);
+ (1ULL << CAP_SYS_BOOT) |
+ (1ULL << CAP_AUDIT_WRITE) |
+ (1ULL << CAP_AUDIT_CONTROL);
 static int help(void) { |
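Review bot: Adding `(1ULL << CAP_AUDIT_CONTROL)` to the default `arg_retain` mask in src/nspawn/nspawn.c hands every container payload, with no opt-in, the capability that capabilities(7) describes as enabling and disabling kernel auditing and changing audit filter rules. `CAP_AUDIT_WRITE` only lets a process emit audit records, whereas the control capability can alter the audit trail that host-side monitoring depends on; whether the kernel honours it from inside the container's namespaces is not visible in this hunk and should be confirmed before it becomes a default. I would end the initializer at `(1ULL << CAP_SYS_BOOT) | (1ULL << CAP_AUDIT_WRITE);` and leave the control capability to `--capability=`, with the list in man/systemd-nspawn.xml adjusted to match. If both must stay, a comment above the two new lines such as `/* audit caps: state which container service needs them and why CONTROL cannot be opt-in */` would record the rationale for the next reviewer. The initializer of `arg_retain` begins above the hunk, so the rest of the mask was not reviewed here.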