CAP_AUDIT_CONTROL.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--drop-capability=</option></term>
+
+ <listitem><para>Specify one or more
+ additional capabilities to drop for
+ the container. This allows running the
+ container with fewer capabilities than
+ the default (see above).</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--link-journal=</option></term>
creates read-only bind
mount.</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--setenv=</option></term>
+
+ <listitem><para>Specifies an
+ environment variable assignment to
+ pass to the init process in the
+ container, in the format
+ <literal>NAME=VALUE</literal>. This
+ may be used to override the default
+ variables or to set additional
+ variables. This parameter may be used
+ more than once.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
</para>
</refsect1>
+ <refsect1>
+ <title>Example 5</title>
+
+ <programlisting># btrfs subvolume snapshot / /.tmp
+# systemd-nspawn --private-network -D /.tmp -b</programlisting>
+
+ <para>This runs a copy of the host system in a
+ btrfs snapshot.</para>
+ </refsect1>
+
+
<refsect1>
<title>Exit status</title>