Apply suggestions from code review
acl_docs: Stylistic improvements Co-Authored-By: Tim Gross <tim@0x74696d.com>
This commit is contained in:
parent
4b6e03b8e9
commit
25b7d58b37
|
@ -378,12 +378,12 @@ host_volume "prod-ca-certificates" {
|
||||||
Host volume rules are keyed to the volume names that they apply to. As with
|
Host volume rules are keyed to the volume names that they apply to. As with
|
||||||
namespaces, you may use wildcards to reuse the same configuration across a set
|
namespaces, you may use wildcards to reuse the same configuration across a set
|
||||||
of volumes. In addition to the coarse grained policy specification, the
|
of volumes. In addition to the coarse grained policy specification, the
|
||||||
host_volume stanza allows setting a more fine grained list of capabilities.
|
`host_volume` stanza allows setting a more fine grained list of capabilities.
|
||||||
This includes:
|
This includes:
|
||||||
|
|
||||||
- `deny` - Do not allow a user to mount a volume in any way.
|
- `deny` - Do not allow a user to mount a volume in any way.
|
||||||
- `mount-readonly` - Only allow the user to mount the volume as `readonly`
|
- `mount-readonly` - Only allow the user to mount the volume as `readonly`
|
||||||
- `mount-readwrite` - Allow the user to mount the volume as `readonly` or `readwrite` if the host_volume configuration allows it.
|
- `mount-readwrite` - Allow the user to mount the volume as `readonly` or `readwrite` if the `host_volume` configuration allows it.
|
||||||
|
|
||||||
The course grained policy permissions are shorthand for the fine grained capabilities:
|
The course grained policy permissions are shorthand for the fine grained capabilities:
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue