From 5076f0ccfd36b67512d44fe355b80305ced7dcba Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 28 Jun 2012 13:44:39 +0200
Subject: nspawn: introduce new --capabilities= flag and make use of it in the nspawn test case
---
 man/systemd-nspawn.xml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'man/systemd-nspawn.xml')
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index a926a7e5d3..76e291881c 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -206,6 +206,30 @@
 container.
+
+
+
+ List one or more
+ additional capabilities to grant the
+ container. Takes a comma separated
+ list of capability names, see
+ capabilities7
+ for more information. Note that the
+ the following capabilities will be
+ granted in any way: CAP_CHOWN,
+ CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+ CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
+ CAP_KILL, CAP_LEASE,
+ CAP_LINUX_IMMUTABLE,
+ CAP_NET_BIND_SERVICE,
+ CAP_NET_BROADCAST, CAP_NET_RAW,
+ CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP,
+ CAP_SETUID, CAP_SYS_ADMIN,
+ CAP_SYS_CHROOT, CAP_SYS_NICE,
+ CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
+ CAP_SYS_RESOURCE.
+
+
-- cgit v1.2.3-54-g00ecf