see each other. The PID namespace separation of the
two containers is complete and the containers will
share very few runtime objects except for the
- underlying file system. It is however possible to
- enter an existing container, see
- <link linkend='example-nsenter'>Example 4</link> below.
- </para>
+ underlying file system. Use
+ <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ <command>login</command> command to request an
+ additional login prompt in a running container.</para>
<para><command>systemd-nspawn</command> implements the
<ulink
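Review bot: The added sentence ("Use machinectl(1)'s login command to request an additional login prompt in a running container") does not say what the container must be running for a login prompt to be available, whereas the removed text described entering any existing container. Please state that prerequisite, and consider cross-referencing the auditing paragraph of this page, which says containers might refuse log-in attempts when auditing is enabled in the kernel, since that affects this path as well. As a style point, a possessive attached to a citerefentry reads awkwardly once rendered; "Use the login command of machinectl(1)" avoids it.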
containers. We hence recommend turning it off entirely
by booting with <literal>audit=0</literal> on the
kernel command line, or by turning it off at kernel
- build time. If auditing is enabled in the kernel
+ build time. If auditing is enabled in the kernel,
operating systems booted in an nspawn container might
refuse log-in attempts.</para>
</refsect1>
<listitem><para>Directory to use as
file system root for the namespace
- container. If omitted the current
+ container. If omitted, the current
directory will be
used.</para></listitem>
</varlistentry>
host, and is used to initialize the
container's hostname (which the
container can choose to override,
- however). If not specified the last
+ however). If not specified, the last
component of the root directory of the
container is used.</para></listitem>
</varlistentry>
<listitem><para>Control whether the
container's journal shall be made
- visible to the host system. If enabled
+ visible to the host system. If enabled,
allows viewing the container's journal
files from the host (but not vice
versa). Takes one of
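Review bot: The touched sentence "If enabled, allows viewing the container's journal files from the host" still has no subject after the new comma. Since the line is being changed anyway, "If enabled, this allows viewing ..." would read better.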
<filename>/var/log/journal</filename>
exists, it will be bind mounted
into the container. If the
- subdirectory doesn't exist, no
+ subdirectory does not exist, no
linking is performed. Effectively,
booting a container once with
<literal>guest</literal> or
boots an OS in a namespace container in it.</para>
</refsect1>
- <refsect1 id='example-nsenter'>
- <title>Example 4</title>
-
- <para>To enter the container, PID of one of the
- processes sharing the new namespaces must be used.
- <command>systemd-nspawn</command> prints the PID
- (as viewed from the outside) of the launched process,
- and it can be used to enter the container.</para>
-
- <programlisting># nsenter -m -u -i -n -p -t $PID</programlisting>
-
- <para><citerefentry><refentrytitle>nsenter</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- is part of
- <ulink url="https://github.com/karelzak/util-linux">util-linux</ulink>.
- Kernel support for entering namespaces was added in
- Linux 3.8.</para>
- </refsect1>
-
<refsect1>
<title>Exit status</title>
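Review bot: Deleting the whole example-nsenter section also drops the statement that systemd-nspawn prints the PID (as viewed from the outside) of the launched process, and the note that kernel support for entering namespaces was added in Linux 3.8. If the PID is still printed, that sentence deserves a place elsewhere in the page, because administrators use it to identify the container's processes from the host. Please also check that no other page still uses linkend='example-nsenter'; this patch only removes the reference in this file.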
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>unshare</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>
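Review bot: The removal of the unshare(1) entry from this See Also list is not explained by anything else in the patch: the deleted example referred to nsenter(1), not unshare(1). Either keep the entry or say in the commit message why it is dropped. Adding machinectl(1) at the end matches the new reference in the description.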