man: add a note that nspawn gives access to network by default

Fixes #6546.
2026-03-06 15:02:31 -08:00 · 2018-03-21 16:07:20 +01:00
parent ed47df8967
commit bc96c63c05
1 changed files with 4 additions and 2 deletions
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -519,8 +519,10 @@
        configured with <option>--network-veth</option>. If this
        option is specified, the CAP_NET_ADMIN capability will be
        added to the set of capabilities the container retains. The
-        latter may be disabled by using
-        <option>--drop-capability=</option>.</para></listitem>
+        latter may be disabled by using <option>--drop-capability=</option>.
+        If this option is not specified (or implied by one of the options
+        listed below), the container will have full access to the host network.
+        </para></listitem>
      </varlistentry>

      <varlistentry>