Clarify the docs on DropCapability

It was a bit unclear what setting it to empty means. Also, add to the tests verification that this works. Signed-off-by: Alexander Larsson <alexl@redhat.com>
2025-12-02 02:58:03 +08:00 · 2022-10-21 08:07:13 +02:00
parent 33eb45c475
commit bac907abf8
2 changed files with 5 additions and 3 deletions
--- a/test/e2e/quadlet/capabilities.container
+++ b/test/e2e/quadlet/capabilities.container
@@ -1,9 +1,11 @@
-## assert-podman-args "--cap-drop=all"
+## !assert-podman-args "--cap-drop=all"
 ## assert-podman-args "--cap-add=cap_dac_override"
 ## assert-podman-args "--cap-add=cap_audit_write"
 ## assert-podman-args "--cap-add=cap_ipc_owner"

 [Container]
 Image=imagename
+# Verify that we can reset to the default cap set
+DropCapability=
 AddCapability=CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
 AddCapability=CAP_IPC_OWNER