Merge pull request #5206 from rhatdan/capabilities

Allow devs to set labels in container images for default capabilities.

1 files changed, 10 insertions, 0 deletions

diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 12f099e65..3f0bfc57b 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -279,6 +279,16 @@ BUILDAH\_ISOLATION environment variable.  `export BUILDAH_ISOLATION=oci`
 
 Add an image *label* (e.g. label=*value*) to the image metadata. Can be used multiple times.
 
+Users can set a special LABEL **io.containers.capabilities=CAP1,CAP2,CAP3** in
+a Containerfile that specified the list of Linux capabilities required for the
+container to run properly. This label specified in a container image tells
+Podman to run the container with just these capabilties. Podman launches the
+container with just the specified capabilties, as long as this list of
+capabilities is a subset of the default list.
+
+If the specified capabilities are not in the default set, Podman will
+print an error message and will run the container with the default capabilities.
+
 **--layers**
 
 Cache intermediate images during the build process (Default is `true`).