From 4064055d7ceb084031166c85de36b43e67c0478c Mon Sep 17 00:00:00 2001
From: Ilia Markelov
Date: Mon, 13 Jan 2025 16:40:50 +0100
Subject: [PATCH] Comments fixes according to conversation
---
 qm.container | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/qm.container b/qm.container
index 4182fc9a..82e32c0c 100644
--- a/qm.container
+++ b/qm.container
@@ -37,14 +37,15 @@ TasksMax=50%
 [Container]
 # AddCapability
 # -------------
-# Grants all capabilities to the container, increasing flexibility but significantly
+# Add these capabilities, in addition to the default Podman capability set, to the container.
+# If set to all, grants all capabilities to the container, increasing flexibility but significantly
 # reducing security.
 AddCapability=all
 # Unmask
 # -------
-# Unmasks all systemd services for the container, overriding masking that prevents
-# access to specific services.
+# Specify the paths to unmask separated by a colon. unmask=ALL or /path/1:/path/2, or shell expanded paths (/proc/*):
+# If set to ALL, Podman will unmask all the paths that are masked or made read-only by default.
 Unmask=ALL
 SecurityLabelNested=true
 SeccompProfile=/usr/share/qm/seccomp.json
@@ -71,8 +72,8 @@ ReadOnly=true
 # Rootfs
 # ------
-# Defines the root filesystem location for the container.
-# The '${ROOTFS}' variable should point to a valid filesystem path.
+# Defines the root filesystem location for the QM container.
+# By default the '${ROOTFS}' variable points to /usr/lib/qm/rootfs.
 Rootfs=${ROOTFS}
 SecurityLabelNested=true
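Review bot: In the first hunk, the rewritten Unmask comment explains the value syntax but, unlike the AddCapability comment just above it, says nothing about the security cost of `Unmask=ALL`. With ALL, the paths Podman masks or mounts read-only by default are exposed to the container, so together with `AddCapability=all` the confinement presumably rests on the SELinux label and the seccomp profile set on the following lines. If that is the intent, it deserves one line, e.g. `# This removes a default hardening layer; the QM container relies on SELinux and seccomp for confinement instead.` The first new line also ends in a stray colon and spells the key as lowercase `unmask=ALL`, which is the podman CLI form rather than the Quadlet key; `# Colon-separated list of paths to unmask (shell globs such as /proc/* are allowed), or ALL.` would read more cleanly. The [Container] section continues outside the hunk.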