nspawn: introduce --capability=all for retaining all capabilities

[elogind.git] / man / systemd-nspawn.xml

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 9d8db83e81ba9e845c0fe41f919e58c869b365de..ba2c5a487b693270d03d7d2646c227278b400aca 100644 (file)
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -143,19 +143,6 @@
                 contain this file out-of-the-box.</para>
         </refsect1>
 
-        <refsect1>
-                <title>Incompatibility with Auditing</title>
-
-                <para>Note that the kernel auditing subsystem is
-                currently broken when used together with
-                containers. We hence recommend turning it off entirely
-                by booting with <literal>audit=0</literal> on the
-                kernel command line, or by turning it off at kernel
-                build time. If auditing is enabled in the kernel,
-                operating systems booted in an nspawn container might
-                refuse log-in attempts.</para>
-        </refsect1>
-
         <refsect1>
                 <title>Options</title>
 
@@ -323,8 +310,11 @@
                                 CAP_SYS_CHROOT, CAP_SYS_NICE,
                                 CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
                                 CAP_SYS_RESOURCE, CAP_SYS_BOOT,
-                                CAP_AUDIT_WRITE,
-                                CAP_AUDIT_CONTROL.</para></listitem>
+                                CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. If
+                                the special value
+                                <literal>all</literal> is passed all
+                                capabilities are
+                                retained.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>