man: systemd-nspawn: fix list of default capabilities (#7925)
author Alan Jenkins <alan.christopher.jenkins@gmail.com>
Thu, 18 Jan 2018 19:11:11 +0000 (19:11 +0000)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Thu, 18 Jan 2018 19:11:11 +0000 (04:11 +0900)
* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

The list is now in sync with the one at the top of nspawn.c.

man/systemd-nspawn.xml

index ab3c44f..633d939 100644 (file)
       <varlistentry>
         <term><option>--capability=</option></term>
 
-        <listitem><para>List one or more additional capabilities to
-        grant the container. Takes a comma-separated list of
-        capability names, see
+        <listitem><para>List one or more additional capabilities to grant the container.
+        Takes a comma-separated list of capability names, see
         <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-        for more information. Note that the following capabilities
-        will be granted in any way: CAP_CHOWN, CAP_DAC_OVERRIDE,
-        CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
-        CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
-        CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
-        CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID,
-        CAP_SYS_ADMIN, CAP_SYS_CHROOT, CAP_SYS_NICE, CAP_SYS_PTRACE,
-        CAP_SYS_TTY_CONFIG, CAP_SYS_RESOURCE, CAP_SYS_BOOT,
-        CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. Also CAP_NET_ADMIN is
-        retained if <option>--private-network</option> is specified.
-        If the special value <literal>all</literal> is passed, all
-        capabilities are retained.</para></listitem>
+        for more information. Note that the following capabilities will be granted in any way:
+        CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+        CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
+        CAP_MKNOD, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETFCAP,
+        CAP_SETGID, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
+        CAP_SYS_NICE, CAP_SYS_PTRACE, CAP_SYS_RESOURCE, CAP_SYS_TTY_CONFIG. Also CAP_NET_ADMIN
+        is retained if <option>--private-network</option> is specified.  If the special value
+        <literal>all</literal> is passed, all capabilities are retained.</para></listitem>
       </varlistentry>
 
       <varlistentry>
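Review bot: the added sentence "Note that the following capabilities will be granted in any way:" carries over the unclear wording "in any way" from the removed text. Since the paragraph is being reflowed anyway, consider "are always granted" so readers understand these capabilities are kept regardless of what is passed to --capability=. The same paragraph then switches to "retained" for CAP_NET_ADMIN and for "all"; using one verb throughout would read more consistently. The added line ending "is specified.  If the special value" also has a double space after the period. Finally, the commit message notes that CAP_MKNOD had been missing since commit 7f112f50fe, so this hand-copied list has already drifted from nspawn.c once. An XML comment next to the list pointing at the definition at the top of nspawn.c would help the next person who changes the defaults update both places, which matters here because the list includes broad capabilities such as CAP_SYS_ADMIN and CAP_SYS_PTRACE that administrators rely on this page to audit.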