contain this file out-of-the-box.</para>
</refsect1>
- <refsect1>
- <title>Incompatibility with Auditing</title>
-
- <para>Note that the kernel auditing subsystem is
- currently broken when used together with
- containers. We hence recommend turning it off entirely
- by booting with <literal>audit=0</literal> on the
- kernel command line, or by turning it off at kernel
- build time. If auditing is enabled in the kernel,
- operating systems booted in an nspawn container might
- refuse log-in attempts.</para>
- </refsect1>
-
<refsect1>
<title>Options</title>
CAP_SYS_CHROOT, CAP_SYS_NICE,
CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
CAP_SYS_RESOURCE, CAP_SYS_BOOT,
- CAP_AUDIT_WRITE,
- CAP_AUDIT_CONTROL.</para></listitem>
+ CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. If
+ the special value
+ <literal>all</literal> is passed all
+ capabilities are
+ retained.</para></listitem>
</varlistentry>
<varlistentry>