All containers now get CHOWN+FOWNER+SETUID+SETGID+DAC_OVERRIDE+NET_BIND_SERVICE as the default cap set.

Rootless podman needs these for:
- CHOWN/FOWNER/DAC_OVERRIDE: file ownership in mapped UID namespace
- SETUID/SETGID: internal user switching (entrypoint scripts)
- NET_BIND_SERVICE: port binding in network namespaces

Tested on .198: Grafana, Vaultwarden, Bitcoin Knots all start successfully.
Previously failed with "Permission denied" or "loopback adapter" errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>