container.</para>
<para>Use a tool like
- <citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- or
+ <citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ or
+ <citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to set up an OS directory tree suitable as file system
hierarchy for <command>systemd-nspawn</command>
containers.</para>
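Review bot: the added citation names pacman(8), but the Arch example added later in this patch builds the tree with pacstrap rather than calling pacman directly. Either cite the tool the example actually runs, or say in this sentence how the two relate, so a reader following the reference lands on the right manual page.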
<variablelist>
<varlistentry>
- <term><option>--help</option></term>
<term><option>-h</option></term>
+ <term><option>--help</option></term>
<listitem><para>Prints a short help
text and exits.</para></listitem>
</varlistentry>
<varlistentry>
- <term><option>--directory=</option></term>
+ <term><option>--version</option></term>
+
+ <listitem><para>Prints a version string
+ and exits.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>-D</option></term>
+ <term><option>--directory=</option></term>
<listitem><para>Directory to use as
file system root for the namespace
</varlistentry>
<varlistentry>
- <term><option>--boot</option></term>
<term><option>-b</option></term>
+ <term><option>--boot</option></term>
<listitem><para>Automatically search
for an init binary and invoke it
</varlistentry>
<varlistentry>
- <term><option>--user=</option></term>
<term><option>-u</option></term>
+ <term><option>--user=</option></term>
<listitem><para>Run the command
under specified user, create home
</varlistentry>
<varlistentry>
- <term><option>--controllers=</option></term>
<term><option>-C</option></term>
+ <term><option>--controllers=</option></term>
<listitem><para>Makes the container appear in
- other hierarchies that the name=systemd:/ one.
+ other hierarchies than the name=systemd:/ one.
Takes a comma-separated list of controllers.
</para></listitem>
</varlistentry>
list of capability names, see
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for more information. Note that the
- the following capabilities will be
- granted in any way: CAP_CHOWN,
+ following capabilities will be granted
+ in any way: CAP_CHOWN,
CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
CAP_KILL, CAP_LEASE,
CAP_SETUID, CAP_SYS_ADMIN,
CAP_SYS_CHROOT, CAP_SYS_NICE,
CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
- CAP_SYS_RESOURCE, CAP_SYS_BOOT.</para></listitem>
+ CAP_SYS_RESOURCE, CAP_SYS_BOOT,
+ CAP_AUDIT_WRITE,
+ CAP_AUDIT_CONTROL.</para></listitem>
</varlistentry>
<varlistentry>
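Review bot: the always-granted list gains CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL on the last two added lines, but nothing visible in this patch touches the code that builds the retained capability set. Please confirm the list matches what nspawn actually retains and reference the change that added them, since administrators read this paragraph to judge what a container can do to the host; CAP_AUDIT_CONTROL in particular permits changing audit rules. Separately, "granted in any way" would read better as "granted in any case".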
<literal>host</literal>,
<literal>guest</literal>,
<literal>auto</literal>. If
- <literal>no</literal> the journal is
- not linked. If <literal>host</literal>
+ <literal>no</literal>, the journal is
+ not linked. If <literal>host</literal>,
the journal files are stored on the
- host file system (beneath the host's
- <filename>/var/log/journal</filename>)
- and a per-machine subdirectory of this
- directory is created and bind mounted
+ host file system (beneath
+ <filename>/var/log/journal/<machine-id></filename>)
+ and the subdirectory is bind-mounted
into the container at the same
- location. If <literal>guest</literal>
+ location. If <literal>guest</literal>,
the journal files are stored on the
- guest file system (beneath the guest's
- <filename>/var/log/journal</filename>)
- and a per-machine subdirectory of this
- directory is symlinked into the host
+ guest file system (beneath
+ <filename>/var/log/journal/<machine-id></filename>)
+ and the subdirectory is symlinked into the host
at the same location. If
- <literal>auto</literal> (the default)
- and the subdirectory of
+ <literal>auto</literal> (the default),
+ and the right subdirectory of
<filename>/var/log/journal</filename>
- exists as directory it is bind mounted
- into the container, but nothing is
- done otherwise. Effectively, booting a
- container once with
+ exists, it will be bind mounted
+ into the container. If the
+ subdirectory doesn't exist, no
+ linking is performed. Effectively,
+ booting a container once with
<literal>guest</literal> or
<literal>host</literal> will link the
- journal persistantly if further one
+ journal persistently if further on
the default of <literal>auto</literal>
is used.</para></listitem>
</varlistentry>
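Review bot: both added filename lines contain a bare <machine-id>, which a DocBook parser reads as the start of an element with no closing tag, so the page is not well-formed if this is the literal source. Use <replaceable>machine-id</replaceable> inside the filename element, or escape it as &lt;machine-id&gt;. Also pick one spelling: the host branch now says "bind-mounted" while the auto branch says "bind mounted".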
<refsect1>
<title>Example 1</title>
- <programlisting># yum --releasever=17 --nogpgcheck --installroot ~/fedora-tree/ install yum passwd vim-minimal rootfiles systemd
-# systemd-nspawn -D ~/fedora-tree /usr/lib/systemd/systemd</programlisting>
+ <programlisting># yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release vim-minimal
+# systemd-nspawn -bD /srv/mycontainer</programlisting>
<para>This installs a minimal Fedora distribution into
- the directory <filename>~/fedora-tree/</filename>
- and then boots an OS in a namespace container in it,
- with systemd as init system.</para>
+ the directory <filename>/srv/mycontainer/</filename> and
+ then boots an OS in a namespace container in
+ it.</para>
</refsect1>
<refsect1>
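Review bot: the new yum line still turns off package signature verification (--nogpg, previously --nogpgcheck), and the paragraph after the listing does not mention it. Readers copy this example to build a root file system they then boot, so either make the example work with signature checking enabled and drop the flag, or add a sentence stating that signatures are not verified and why. The removed line spelled the flag --nogpgcheck; say why the spelling changed or keep the long form.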
</refsect1>
+ <refsect1>
+ <title>Example 3</title>
+
+ <programlisting># pacstrap -c -d ~/arch-tree/ base
+# systemd-nspawn -bD ~/arch-tree/</programlisting>
+
+ <para>This installs a mimimal Arch Linux distribution into
+ the directory <filename>~/arch-tree/</filename> and then
+ boots an OS in a namespace container in it.</para>
+ </refsect1>
+
<refsect1>
<title>Exit status</title>
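Review bot: "mimimal" in the added para of Example 3 is a typo for "minimal". Also, Example 1 in this patch moves to /srv/mycontainer while this example installs into ~/arch-tree/; using the same kind of path in both would keep the examples consistent.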
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>