diff options
| -rw-r--r-- | interface-definitions/containers.xml.in | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in index 24d1870af..1e9c36ee5 100644 --- a/interface-definitions/containers.xml.in +++ b/interface-definitions/containers.xml.in @@ -23,24 +23,32 @@ </leafNode> <leafNode name="cap-add"> <properties> - <help>Add capabilities</help> + <help>Container capabilities/permissions</help> <completionHelp> - <list>net-admin setpcap sys-time</list> + <list>net-admin net-raw setpcap sys-admin sys-time</list> </completionHelp> <valueHelp> <format>net-admin</format> - <description>Net-admin option</description> + <description>Network operations (interface, firewall, routing tables)</description> + </valueHelp> + <valueHelp> + <format>net-raw</format> + <description>Permission to create raw network sockets</description> </valueHelp> <valueHelp> <format>setpcap</format> - <description>Setpcap option</description> + <description>Capability sets (from bounded or inherited set)</description> + </valueHelp> + <valueHelp> + <format>sys-admin</format> + <description>Administation operations (quotactl, mount, sethostname, setdomainame)</description> </valueHelp> <valueHelp> <format>sys-time</format> - <description>Sys-time option</description> + <description>Permission to set system clock</description> </valueHelp> <constraint> - <regex>^(net-admin|setpcap|sys-time)$</regex> + <regex>^(net-admin|net-raw|setpcap|sys-admin|sys-time)$</regex> </constraint> <multi/> </properties> |