opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-17 19:24:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

quadlet: Use same default capability set as podman run

Browse Source 
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This commit is contained in:
Alexander Larsson
2022-12-02 16:37:22 +01:00
parent b34ab8b5fa
commit 16cf34dc3a
4 changed files with 3 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/source/markdown/podman-systemd.unit.5.md
View File

@ -116,8 +116,7 @@ setuid and file capabilities.
#### `DropCapability=` (defaults to `all`)
Drop these capabilities from the default podman capability set, or `all` for all capabilities. The default if no
`DropCapability` is set is `all`. Set this to empty (i.e. `DropCapability=`) to use the default podman capability set.
Drop these capabilities from the default podman capability set, or `all` to drop all capabilities.
This is a space separated list of capabilities. This key can be listed multiple times.
@ -140,7 +139,7 @@ AddCapability=CAP_DAC_OVERRIDE CAP_IPC_OWNER
#### `ReadOnly=` (defaults to `no`)
If enabled, makes image read-only, with /var/tmp, /tmp and /run a tmpfs (unless disabled by `VolatileTmp=no`).
If enabled, makes image read-only, with /var/tmp, /tmp and /run a tmpfs (unless disabled by `VolatileTmp=no`).r
**NOTE:** Podman will automatically copy any content from the image onto the tmpfs