X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=bec233c1ca9eb9c056df7dc72a385483b3de8a16;hb=91f0ac7d40e4b89ccb8430b34dbf907f305763fa;hp=f4c5d77eed1ea12b1f39b2a656638aa4faf6b2fb;hpb=431c72dc3d482732a01d3ab929aa9b2c36422d46;p=elogind.git
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index f4c5d77ee..bec233c1c 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -97,14 +97,13 @@
involved with boot and systems management.
In contrast to
- chroot1
- systemd-nspawn may be used to boot
- full Linux-based operating systems in a
- container.
+ chroot1Â systemd-nspawn
+ may be used to boot full Linux-based operating systems
+ in a container.
Use a tool like
yum8,
- debootstrap8
+ debootstrap8,
or
pacman8
to set up an OS directory tree suitable as file system
@@ -124,10 +123,10 @@
see each other. The PID namespace separation of the
two containers is complete and the containers will
share very few runtime objects except for the
- underlying file system. It is however possible to
- enter an existing container, see
- Example 4 below.
-
+ underlying file system. Use
+ machinectl1's
+ login command to request an
+ additional login prompt in a running container.
systemd-nspawn implements the
audit=0 on the
kernel command line, or by turning it off at kernel
- build time. If auditing is enabled in the kernel
+ build time. If auditing is enabled in the kernel,
operating systems booted in an nspawn container might
refuse log-in attempts.
@@ -193,7 +192,7 @@
Directory to use as
file system root for the namespace
- container. If omitted the current
+ container. If omitted, the current
directory will be
used.
@@ -234,7 +233,7 @@
host, and is used to initialize the
container's hostname (which the
container can choose to override,
- however). If not specified the last
+ however). If not specified, the last
component of the root directory of the
container is used.
@@ -304,12 +303,22 @@
CAP_AUDIT_CONTROL.
+
+
+
+ Specify one or more
+ additional capabilities to drop for
+ the container. This allows running the
+ container with fewer capabilities than
+ the default (see above).
+
+
Control whether the
container's journal shall be made
- visible to the host system. If enabled
+ visible to the host system. If enabled,
allows viewing the container's journal
files from the host (but not vice
versa). Takes one of
@@ -335,7 +344,7 @@
/var/log/journal
exists, it will be bind mounted
into the container. If the
- subdirectory doesn't exist, no
+ subdirectory does not exist, no
linking is performed. Effectively,
booting a container once with
guest or
@@ -371,6 +380,21 @@
creates read-only bind
mount.
+
+
+
+
+ Specifies an
+ environment variable assignment to
+ pass to the init process in the
+ container, in the format
+ NAME=VALUE. This
+ may be used to override the default
+ variables or to set additional
+ variables. This parameter may be used
+ more than once.
+
+
@@ -410,24 +434,29 @@
boots an OS in a namespace container in it.
-
+ Example 4
- To enter the container, PID of one of the
- processes sharing the new namespaces must be used.
- systemd-nspawn prints the PID
- (as viewed from the outside) of the launched process,
- and it can be used to enter the container.
+ # mv ~/arch-tree /var/lib/container/arch
+# systemctl enable systemd-nspawn@arch.service
+# systemctl start systemd-nspawn@arch.service
+
+ This makes the Arch Linux container part of the
+ multi-user.target on the host.
+
+
+
+
+ Example 5
- # nsenter -m -u -i -n -p -t $PID
+ # btrfs subvolume snapshot / /.tmp
+# systemd-nspawn --private-network -D /.tmp -b
- nsenter1
- is part of
- util-linux.
- Kernel support for entering namespaces was added in
- Linux 3.8.
+ This runs a copy of the host system in a
+ btrfs snapshot.
+
Exit status
@@ -440,11 +469,11 @@
systemd1,
chroot1,
- unshare1,
yum8,
debootstrap8,
pacman8,
- systemd.slice5
+ systemd.slice5,
+ machinectl1