nixos/security/wrappers: clarify required format for capabilities
Before this change, the description for security.wrappers.<name>.capabilities made it seem like you could just string together the names of capabilities like this:

    capabilities = "CAP_SETUID,CAP_SETGID";

In reality, each item in the list must be a full-on capability clause:

    capabilities = "CAP_SETUID=ep,CAP_SETGID+i";
This commit is contained in:
parent
4886df0aea
commit
17352e8995
1 changed files with 5 additions and 4 deletions
|
@ -52,10 +52,11 @@ let
|
|||
{ type = lib.types.commas;
|
||||
default = "";
|
||||
description = lib.mdDoc ''
|
||||
A comma-separated list of capabilities to be given to the wrapper
|
||||
program. For capabilities supported by the system check the
|
||||
{manpage}`capabilities(7)`
|
||||
manual page.
|
||||
A comma-separated list of capability clauses to be given to the
|
||||
wrapper program. The format for capability clauses is described in the
|
||||
“TEXTUAL REPRESENTATION” section of the {manpage}`cap_from_text(3)`
|
||||
manual page. For a list of capabilities supported by the system, check
|
||||
the {manpage}`capabilities(7)` manual page.
|
||||
|
||||
::: {.note}
|
||||
`cap_setpcap`, which is required for the wrapper
|
||||
|
|
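Review bot: the rewritten description points readers to the "TEXTUAL REPRESENTATION" section of cap_from_text(3) but shows no valid value inline, and no `example` is visible for the option in this hunk. Add one such as `"CAP_SETUID=ep,CAP_SETGID+i"` (the form given in the commit message) so the required clause format appears in the option documentation itself. The type also remains `lib.types.commas` with `default = ""`, so a bare-name value like `"CAP_SETUID,CAP_SETGID"` still passes type checking; consider a follow-up check that rejects items lacking a flag clause, so the mistake is caught at evaluation time.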