From a30504ed694ef459a11b69b1bc15fdedc170115e Mon Sep 17 00:00:00 2001
From: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Date: Thu, 18 Jan 2018 19:11:11 +0000
Subject: [PATCH] man: systemd-nspawn: fix list of default capabilities (#7925)

* Sort them alphabetically.
* Add CAP_MKNOD (commit 7f112f50fe added it).

the list is now in sync with the one at the top of nspawn.c
---
 man/systemd-nspawn.xml | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index ab3c44f37e..633d939384 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -706,22 +706,17 @@
       <varlistentry>
         <term><option>--capability=</option></term>
 
-        <listitem><para>List one or more additional capabilities to
-        grant the container. Takes a comma-separated list of
-        capability names, see
+        <listitem><para>List one or more additional capabilities to grant the container.
+        Takes a comma-separated list of capability names, see
         <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
-        for more information. Note that the following capabilities
-        will be granted in any way: CAP_CHOWN, CAP_DAC_OVERRIDE,
-        CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
-        CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
-        CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
-        CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID,
-        CAP_SYS_ADMIN, CAP_SYS_CHROOT, CAP_SYS_NICE, CAP_SYS_PTRACE,
-        CAP_SYS_TTY_CONFIG, CAP_SYS_RESOURCE, CAP_SYS_BOOT,
-        CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. Also CAP_NET_ADMIN is
-        retained if <option>--private-network</option> is specified.
-        If the special value <literal>all</literal> is passed, all
-        capabilities are retained.</para></listitem>
+        for more information. Note that the following capabilities will be granted in any way:
+        CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+        CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
+        CAP_MKNOD, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETFCAP,
+        CAP_SETGID, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
+        CAP_SYS_NICE, CAP_SYS_PTRACE, CAP_SYS_RESOURCE, CAP_SYS_TTY_CONFIG. Also CAP_NET_ADMIN
+        is retained if <option>--private-network</option> is specified.  If the special value
+        <literal>all</literal> is passed, all capabilities are retained.</para></listitem>
       </varlistentry>
 
       <varlistentry>