X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=c95a7c0e9a5148600a1adf3e0a2340190b142a42;hb=7b52a628f8b43ba521c302a7f32bccf9d0dc8bfd;hp=3707a5ec942516ad811ced1621b51525f6ee4dd4;hpb=9cb74bcb23dde8488459ca233bf9caee642b8402;p=elogind.git diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 3707a5ec9..c95a7c0e9 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -248,6 +248,27 @@ + + + + + Sets the mandatory + access control (MAC/SELinux) file + label to be used by virtual API file + systems in the container. + + + + + + + + Sets the mandatory + access control (MAC/SELinux) label to be used by + processes in the container. + + + @@ -303,6 +324,16 @@ CAP_AUDIT_CONTROL. + + + + Specify one or more + additional capabilities to drop for + the container. This allows running the + container with fewer capabilities than + the default (see above). + + @@ -370,6 +401,33 @@ creates read-only bind mount. + + + + + Specifies an + environment variable assignment to + pass to the init process in the + container, in the format + NAME=VALUE. This + may be used to override the default + variables or to set additional + variables. This parameter may be used + more than once. + + + + + + + Turns off any status + output by the tool itself. When this + switch is used, then the only output + by nspawn will be the console output + of the container OS + itself. + + @@ -421,6 +479,25 @@ + + Example 5 + + # btrfs subvolume snapshot / /.tmp +# systemd-nspawn --private-network -D /.tmp -b + + This runs a copy of the host system in a + btrfs snapshot. + + + + Example 6 + + # chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container +# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh + + This runs a container with SELinux sandbox labels. + + Exit status
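Review bot: In the hunk at @@ -248,6 +248,27 @@, the first new entry says the file label is used by "virtual API file systems in the container" but does not say whether the container's directory tree is labelled as well. Example 6 later in this patch runs chcon -R on /srv/container before invoking nspawn, which suggests it is not; state that explicitly. Both entries should also say what happens when the host has no SELinux support or the label is invalid (hard error, or silently ignored), because a silently unlabelled container is not confined the way the reader expects.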
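Review bot: In the hunk at @@ -303,6 +324,16 @@, "Specify one or more additional capabilities to drop" gives no syntax for naming more than one capability (a separator, or repeating the option) and does not say which setting wins if a capability is dropped here and also requested elsewhere on the command line. Document both; someone using this option to reduce privilege needs to know that the drop is authoritative.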
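Review bot: In the hunk at @@ -370,6 +401,33 @@, the environment entry says the assignment is passed "to the init process in the container", yet Example 6 in this patch starts /bin/sh rather than an init; say whether the variables also reach a directly executed command. In the second entry, "Turns off any status output by the tool itself" should state whether error messages are suppressed too, since scripts that use the switch will depend on that.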
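Review bot: In the hunk at @@ -421,6 +479,25 @@, Example 5 takes a writable snapshot at /.tmp (no -r), never removes it, and only works when / is a btrfs subvolume. Add the prerequisite and a cleanup step (btrfs subvolume delete /.tmp), and note that the snapshot is a full copy of the host system, so anything sensitive under / is readable inside the container. For Example 6, one sentence mapping -L to the file label and -Z to the process label would tie the example to the option descriptions added earlier in this patch.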