opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-03 01:37:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

quadlet: Change NoNewPrivileges default to false

Browse Source 
This matches the default of podman run.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
This commit is contained in:
Alexander Larsson
2022-12-02 16:22:29 +01:00
parent 51deb324a3
commit d19ea6a60d
3 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/source/markdown/podman-systemd.unit.5.md
View File

@ -109,7 +109,7 @@ which can be modified with `RemapUsers`, but if that is not specified, this uid
The (numeric) gid to run as inside the container. This does not need to match the gid on the host,
which can be modified with `RemapUsers`, but if that is not specified, this gid is also used on the host.
#### `NoNewPrivileges=` (defaults to `yes`)
#### `NoNewPrivileges=` (defaults to `no`)
If enabled (which is the default), this disables the container processes from gaining additional privileges via things like
setuid and file capabilities.