docker: Add env var to control capabilities (#8552)

As it's not simple to run a container under Docker/Kubernetes as non-root but with additional capabilities, add an internal hack.
author: Jakob Borg <jakob@kastelo.net> 2022-09-26 13:39:41 +0200
committer: GitHub <noreply@github.com> 2022-09-26 13:39:41 +0200
commit: 361f7ae56435806c373d02d179c7a60caf845ddf (patch)
tree: 8c738f70266fb58296716b0f25399b0433623e7e /README-Docker.md
parent: 1cd2f5a91ff853a5136b1110dd05efcf0065a576 (diff)
download: syncthing-361f7ae56435806c373d02d179c7a60caf845ddf.tar.gz
syncthing-361f7ae56435806c373d02d179c7a60caf845ddf.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/README-Docker.md b/README-Docker.md
index b29c9bc01..27acf53aa 100644
--- a/README-Docker.md
+++ b/README-Docker.md
@@ -7,9 +7,13 @@ Use the `/var/syncthing` volume to have the synchronized files available on the
 host. You can add more folders and map them as you prefer.
 
 Note that Syncthing runs as UID 1000 and GID 1000 by default. These may be
-altered with the ``PUID`` and ``PGID`` environment variables. In addition
+altered with the `PUID` and `PGID` environment variables. In addition
 the name of the Syncthing instance can be optionally defined by using
-``--hostname=syncthing`` parameter.
+`--hostname=syncthing` parameter.
+
+To grant Syncthing additional capabilities without running as root, use the
+`PCAP` environment variable with the same syntax as that for `setcap(8)`.
+For example, `PCAP=cap_chown,cap_fowner+ep`.
 
 ## Example Usage
author	Jakob Borg <jakob@kastelo.net>	2022-09-26 13:39:41 +0200
committer	GitHub <noreply@github.com>	2022-09-26 13:39:41 +0200
commit	361f7ae56435806c373d02d179c7a60caf845ddf (patch)
tree	8c738f70266fb58296716b0f25399b0433623e7e /README-Docker.md
parent	1cd2f5a91ff853a5136b1110dd05efcf0065a576 (diff)
download	syncthing-361f7ae56435806c373d02d179c7a60caf845ddf.tar.gz syncthing-361f7ae56435806c373d02d179c7a60caf845ddf.zip