<para><command>systemd-nspawn</command> may be used to
run a command or OS in a light-weight namespace
container. In many ways it is similar to
- <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
but more powerful since it fully virtualizes the file
system hierarchy, as well as the process tree, the
various IPC subsystems and the host and domain
involved with boot and systems management.</para>
<para>In contrast to
- <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry> <command>systemd-nspawn</command>
+ <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry> <command>systemd-nspawn</command>
may be used to boot full Linux-based operating systems
in a container.</para>
<para>Use a tool like
- <citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='die-net'><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='die-net'><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
or
- <citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ <citerefentry project='arch'><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to set up an OS directory tree suitable as file system
hierarchy for <command>systemd-nspawn</command>
containers.</para>
<para>As a safety check
<command>systemd-nspawn</command> will verify the
- existence of <filename>/etc/os-release</filename> in
- the container tree before starting the container (see
+ existence of <filename>/usr/lib/os-release</filename>
+ or <filename>/etc/os-release</filename> in the
+ container tree before starting the container (see
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>). It
might be necessary to add this file to the container
tree manually if the OS of the container is too old to
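Review bot: with two paths now named in the safety check, the unchanged follow-on sentence "It might be necessary to add this file to the container tree manually" no longer has a clear referent. Please say which of /usr/lib/os-release or /etc/os-release an administrator should create for an older container OS, or reword it to "one of these files", so the text matches what the check accepts.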
additional capabilities to grant the
container. Takes a comma-separated
list of capability names, see
- <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for more information. Note that the
following capabilities will be granted
in any way: CAP_CHOWN,
accessible via
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and shown by tools such as
- <citerefentry><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
+ <citerefentry project='man-pages'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
the container does not run an init
system, it is recommended to set this
option to <literal>no</literal>. Note
of the container OS itself.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--volatile</option><replaceable>=MODE</replaceable></term>
+
+ <listitem><para>Boots the container in
+ volatile (ephemeral) mode. When no
+ mode parameter is passed or when mode
+ is specified as <literal>yes</literal>
+ full volatile mode is enabled. This
+ means the root directory is mounted as
+ mostly unpopulated
+ <literal>tmpfs</literal> instance, and
+ <filename>/usr</filename> from the OS
+ tree is mounted into it, read-only
+ (the system thus starts up with
+ read-only OS resources, but pristine
+ state and configuration, any changes
+ to the either are lost on
+ shutdown). When the mode parameter is
+ specified as <literal>state</literal>
+ the OS tree is mounted read-only, but
+ <filename>/var</filename> is mounted
+ as <literal>tmpfs</literal> instance
+ into it (the system thus starts up
+ with read-only OS resources and
+ configuration, but prestine state, any
+ changes to the latter are lost on
+ shutdown). When the mode parameter is
+ specified as <literal>no</literal>
+ (the default) the whole OS tree is made
+ available writable.</para>
+
+ <para>Note that setting this to
+ <literal>yes</literal> or
+ <literal>state</literal> will only
+ work correctly with operating systems
+ in the container that can boot up with
+ only <filename>/usr</filename>
+ mounted, and are able to populate
+ <filename>/var</filename>
+ automatically, as
+ needed.</para></listitem>
+ </varlistentry>
+
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
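Review bot: the term renders the argument as mandatory (--volatile=MODE), but the first sentence of the description says full volatile mode is enabled "When no mode parameter is passed"; please mark the argument as optional in the term so the synopsis and the text agree. Wording nits in the same entry: "prestine state" should be "pristine state" (it is spelled correctly a few lines earlier), "any changes to the either are lost" should read "any changes to either are lost", and "mounted as mostly unpopulated tmpfs instance" is missing an article. Since people will rely on the read-only guarantees described here, it would also help to state explicitly for the state mode whether /etc is part of the read-only tree, rather than leaving it implied by "read-only OS resources and configuration".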
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry project='die-net'><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='die-net'><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='arch'><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>