docs: fix capability name, it's CAP_MKNOD not CAP_SYS_MKNOD (#41621)

author rusty-snake <41237666+rusty-snake@users.noreply.github.com>

Mon, 13 Apr 2026 15:41:33 +0000 (17:41 +0200)

committer Luca Boccassi <luca.boccassi@gmail.com>

Tue, 14 Apr 2026 16:32:02 +0000 (17:32 +0100)
author rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Mon, 13 Apr 2026 15:41:33 +0000 (17:41 +0200)
committer Luca Boccassi <luca.boccassi@gmail.com>
Tue, 14 Apr 2026 16:32:02 +0000 (17:32 +0100)
diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md

index cb7719557fd177418ee7ddb68b69fb62b579b8e5..72f6f4dc7ec3bc1eb593acd4791e99199313012c 100644 (file)
--- a/docs/CONTAINER_INTERFACE.md
+++ b/docs/CONTAINER_INTERFACE.md
@@ -403,9 +403,9 @@ its user to 2 (to effectively disallow `fork()`ing) you cannot run more than
  one Avahi instance on the entire system...
  
  People have been asking to be able to run systemd without `CAP_SYS_ADMIN` and
-`CAP_SYS_MKNOD` in the container. This is now supported to some level in
+`CAP_MKNOD` in the container. This is now supported to some level in
  systemd, but we recommend against it (see above). If `CAP_SYS_ADMIN` and
-`CAP_SYS_MKNOD` are missing from the container systemd will now gracefully turn
+`CAP_MKNOD` are missing from the container systemd will now gracefully turn
  off `PrivateTmp=`, `PrivateNetwork=`, `ProtectHome=`, `ProtectSystem=` and
  others, because those capabilities are required to implement these options. The
  services using these settings (which include many of systemd's own) will hence
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>
	Mon, 13 Apr 2026 15:41:33 +0000 (17:41 +0200)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Tue, 14 Apr 2026 16:32:02 +0000 (17:32 +0100)