From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Mon, 13 Apr 2026 15:41:33 +0000 (+0200) Subject: docs: fix capability name, it's CAP_MKNOD not CAP_SYS_MKNOD (#41621) X-Git-Tag: v260.2~255 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c36c8a31e6ee3b6ab3dda19362a6f8156e3746ea;p=thirdparty%2Fsystemd.git docs: fix capability name, it's CAP_MKNOD not CAP_SYS_MKNOD (#41621) (cherry picked from commit b40ed2067fb669540b1a640e293334fd31403676) --- diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md index cb7719557fd..72f6f4dc7ec 100644 --- a/docs/CONTAINER_INTERFACE.md +++ b/docs/CONTAINER_INTERFACE.md @@ -403,9 +403,9 @@ its user to 2 (to effectively disallow `fork()`ing) you cannot run more than one Avahi instance on the entire system... People have been asking to be able to run systemd without `CAP_SYS_ADMIN` and -`CAP_SYS_MKNOD` in the container. This is now supported to some level in +`CAP_MKNOD` in the container. This is now supported to some level in systemd, but we recommend against it (see above). If `CAP_SYS_ADMIN` and -`CAP_SYS_MKNOD` are missing from the container systemd will now gracefully turn +`CAP_MKNOD` are missing from the container systemd will now gracefully turn off `PrivateTmp=`, `PrivateNetwork=`, `ProtectHome=`, `ProtectSystem=` and others, because those capabilities are required to implement these options. The services using these settings (which include many of systemd's own) will hence
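Review bot: In the corrected paragraph, the sentence ending "because those capabilities are required to implement these options" still treats `CAP_SYS_ADMIN` and `CAP_MKNOD` as a pair without saying which of the listed settings (`PrivateTmp=`, `PrivateNetwork=`, `ProtectHome=`, `ProtectSystem=` "and others") depends on which capability. Since this change is about getting the capability name right, consider naming the settings that need `CAP_MKNOD`, so that someone dropping only one of the two capabilities from a container knows which sandboxing options will be turned off. The rename itself is applied at both occurrences in the hunk, but the diff touches only docs/CONTAINER_INTERFACE.md, so it is worth confirming that no `CAP_SYS_MKNOD` remains elsewhere in the docs or man pages.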