X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=75db65eac02340edd554d427c6dad2b2aea5ed66;hb=9f5ecdb0b11557be41c065f460bb22ab52bb0034;hp=d6687038af68467bc3adb42d210a71e889ca12bf;hpb=06c17c39a8345deef1ecff4dd5ef262f968c9be2;p=elogind.git
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index d6687038a..75db65eac 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -70,7 +70,7 @@
systemd-nspawn may be used to
run a command or OS in a light-weight namespace
container. In many ways it is similar to
- chroot1,
+ chroot1,
but more powerful since it fully virtualizes the file
system hierarchy, as well as the process tree, the
various IPC subsystems and the host and domain
@@ -98,15 +98,15 @@
involved with boot and systems management.In contrast to
- chroot1Â systemd-nspawn
+ chroot1Â systemd-nspawn
may be used to boot full Linux-based operating systems
in a container.Use a tool like
- yum8,
- debootstrap8,
+ yum8,
+ debootstrap8,
or
- pacman8
+ pacman8
to set up an OS directory tree suitable as file system
hierarchy for systemd-nspawn
containers.
@@ -136,8 +136,9 @@
As a safety check
systemd-nspawn will verify the
- existence of /etc/os-release in
- the container tree before starting the container (see
+ existence of /usr/lib/os-release
+ or /etc/os-release in the
+ container tree before starting the container (see
os-release5). It
might be necessary to add this file to the container
tree manually if the OS of the container is too old to
@@ -392,7 +393,7 @@
additional capabilities to grant the
container. Takes a comma-separated
list of capability names, see
- capabilities7
+ capabilities7
for more information. Note that the
following capabilities will be granted
in any way: CAP_CHOWN,
@@ -438,7 +439,9 @@
versa). Takes one of
no,
host,
+ try-host,
guest,
+ try-guest,
auto. If
no, the journal is
not linked. If host,
@@ -452,8 +455,11 @@
guest file system (beneath
/var/log/journal/machine-id)
and the subdirectory is symlinked into the host
- at the same location. If
- auto (the default),
+ at the same location. try-host
+ and try-guest do the same
+ but do not fail if the host does not have
+ persistant journalling enabled.
+ If auto (the default),
and the right subdirectory of
/var/log/journal
exists, it will be bind mounted
@@ -472,7 +478,7 @@
Equivalent to
- .
+ .
@@ -580,7 +586,7 @@
accessible via
machinectl1
and shown by tools such as
- ps1. If
+ ps1. If
the container does not run an init
system, it is recommended to set this
option to no. Note
@@ -643,6 +649,49 @@
of the container OS itself.
+
+ =MODE
+
+ Boots the container in
+ volatile (ephemeral) mode. When no
+ mode parameter is passed or when mode
+ is specified as yes
+ full volatile mode is enabled. This
+ means the root directory is mounted as
+ mostly unpopulated
+ tmpfs instance, and
+ /usr from the OS
+ tree is mounted into it, read-only
+ (the system thus starts up with
+ read-only OS resources, but pristine
+ state and configuration, any changes
+ to the either are lost on
+ shutdown). When the mode parameter is
+ specified as state
+ the OS tree is mounted read-only, but
+ /var is mounted
+ as tmpfs instance
+ into it (the system thus starts up
+ with read-only OS resources and
+ configuration, but pristine state, any
+ changes to the latter are lost on
+ shutdown). When the mode parameter is
+ specified as no
+ (the default) the whole OS tree is made
+ available writable.
+
+ Note that setting this to
+ yes or
+ state will only
+ work correctly with operating systems
+ in the container that can boot up with
+ only /usr
+ mounted, and are able to populate
+ /var
+ automatically, as
+ needed.
+
+
@@ -650,69 +699,70 @@
- Example 1
+ Examples
+
+ Boot a minimal Fedora distribution in a container
- # yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release vim-minimal
+ # yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release vim-minimal
# systemd-nspawn -bD /srv/mycontainer
- This installs a minimal Fedora distribution into
- the directory /srv/mycontainer/ and
- then boots an OS in a namespace container in
- it.
-
+ This installs a minimal Fedora distribution into
+ the directory /srv/mycontainer/ and
+ then boots an OS in a namespace container in
+ it.
+
-
- Example 2
+
+ Spawn a shell in a container of a minimal Debian unstable distribution
- # debootstrap --arch=amd64 unstable ~/debian-tree/
+ # debootstrap --arch=amd64 unstable ~/debian-tree/
# systemd-nspawn -D ~/debian-tree/
- This installs a minimal Debian unstable
- distribution into the directory
- ~/debian-tree/ and then spawns a
- shell in a namespace container in it.
-
+ This installs a minimal Debian unstable
+ distribution into the directory
+ ~/debian-tree/ and then spawns a
+ shell in a namespace container in it.
+
-
- Example 3
+
+ Boot a minimal Arch Linux distribution in a container
- # pacstrap -c -d ~/arch-tree/ base
+ # pacstrap -c -d ~/arch-tree/ base
# systemd-nspawn -bD ~/arch-tree/
- This installs a mimimal Arch Linux distribution into
- the directory ~/arch-tree/ and then
- boots an OS in a namespace container in it.
-
+ This installs a mimimal Arch Linux distribution into
+ the directory ~/arch-tree/ and then
+ boots an OS in a namespace container in it.
+
-
- Example 4
+
+ Enable Arch Linux container on boot
- # mv ~/arch-tree /var/lib/container/arch
+ # mv ~/arch-tree /var/lib/container/arch
# systemctl enable systemd-nspawn@arch.service
# systemctl start systemd-nspawn@arch.service
- This makes the Arch Linux container part of the
- multi-user.target on the host.
-
-
+ This makes the Arch Linux container part of the
+ multi-user.target on the host.
+
+
-
- Example 5
+
+ Boot into a btrfs snapshot of the host system
- # btrfs subvolume snapshot / /.tmp
+ # btrfs subvolume snapshot / /.tmp
# systemd-nspawn --private-network -D /.tmp -b
- This runs a copy of the host system in a
- btrfs snapshot.
-
+ This runs a copy of the host system in a
+ btrfs snapshot.
+
-
- Example 6
+
+ Run a container with SELinux sandbox security contexts
- # chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
+ # chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
-
- This runs a container with SELinux sandbox security contexts.
+
@@ -726,10 +776,10 @@
See Alsosystemd1,
- chroot1,
- yum8,
- debootstrap8,
- pacman8,
+ chroot1,
+ yum8,
+ debootstrap8,
+ pacman8,
systemd.slice5,
machinectl1