man: systemd-nspawn: fix list of default capabilities (#7925)

* Sort them alphabetically. * Add CAP_MKNOD (commit 7f112f50fe added it). the list is now in sync with the one at the top of nspawn.c
2018-01-18 19:11:11 +00:00 · 2018-01-18 19:11:11 +00:00 · a30504ed69
parent 0970be500d
commit a30504ed69
1 changed files with 10 additions and 15 deletions
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -706,22 +706,17 @@
      <varlistentry>
        <term><option>--capability=</option></term>

-        <listitem><para>List one or more additional capabilities to
-        grant the container. Takes a comma-separated list of
-        capability names, see
+        <listitem><para>List one or more additional capabilities to grant the container.
+        Takes a comma-separated list of capability names, see
        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-        for more information. Note that the following capabilities
-        will be granted in any way: CAP_CHOWN, CAP_DAC_OVERRIDE,
-        CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
-        CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
-        CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
-        CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID,
-        CAP_SYS_ADMIN, CAP_SYS_CHROOT, CAP_SYS_NICE, CAP_SYS_PTRACE,
-        CAP_SYS_TTY_CONFIG, CAP_SYS_RESOURCE, CAP_SYS_BOOT,
-        CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. Also CAP_NET_ADMIN is
-        retained if <option>--private-network</option> is specified.
-        If the special value <literal>all</literal> is passed, all
-        capabilities are retained.</para></listitem>
+        for more information. Note that the following capabilities will be granted in any way:
+        CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+        CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
+        CAP_MKNOD, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETFCAP,
+        CAP_SETGID, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
+        CAP_SYS_NICE, CAP_SYS_PTRACE, CAP_SYS_RESOURCE, CAP_SYS_TTY_CONFIG. Also CAP_NET_ADMIN
+        is retained if <option>--private-network</option> is specified.  If the special value
+        <literal>all</literal> is passed, all capabilities are retained.</para></listitem>
      </varlistentry>

      <varlistentry>