chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
machinectl: reimplement machinectl's "reboot" verb on top of "kill", and add new...
[elogind.git] / man / systemd-nspawn.xml
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index ffd707092c013d87553066f9ac46ff26a4cd2275..648a8cd19a3ea712bce210cae8c238edfb4b9765 100644 (file)
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -21,7 +21,8 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 -->
 
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 -->
 
-<refentry id="systemd-nspawn">
+<refentry id="systemd-nspawn"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
 
         <refentryinfo>
                 <title>systemd-nspawn</title>
 
         <refentryinfo>
                 <title>systemd-nspawn</title>
@@ -158,30 +159,44 @@
                 <para>The following options are understood:</para>
 
                 <variablelist>
                 <para>The following options are understood:</para>
 
                 <variablelist>
-                        <varlistentry>
-                                <term><option>-h</option></term>
-                                <term><option>--help</option></term>
-
-                                <listitem><para>Prints a short help
-                                text and exits.</para></listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                                <term><option>--version</option></term>
-
-                                <listitem><para>Prints a version string
-                                and exits.</para></listitem>
-                        </varlistentry>
-
                         <varlistentry>
                                 <term><option>-D</option></term>
                                 <term><option>--directory=</option></term>
 
                                 <listitem><para>Directory to use as
                         <varlistentry>
                                 <term><option>-D</option></term>
                                 <term><option>--directory=</option></term>
 
                                 <listitem><para>Directory to use as
-                                file system root for the namespace
-                                container. If omitted, the current
-                                directory will be
-                                used.</para></listitem>
+                                file system root for the container. If
+                                neither <option>--directory=</option>
+                                nor <option>--image=</option> are
+                                specified, the current directory will
+                                be used. May not be specified together with
+                                <option>--image=</option>.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>-i</option></term>
+                                <term><option>--image=</option></term>
+
+                                <listitem><para>Disk image to mount
+                                the root directory for the container
+                                from. Takes a path to a regular file
+                                or to a block device node. The file or
+                                block device must contain a GUID
+                                Partition Table with a root partition
+                                which is mounted as the root directory
+                                of the container. Optionally, it may
+                                contain a home and/or a server data
+                                partition which are mounted to the
+                                appropriate places in the
+                                container. All these partitions must
+                                be identified by the partition types
+                                defined by the <ulink
+                                url="http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/">Discoverable
+                                Partitions Specification</ulink>. Any
+                                other partitions, such as foreign
+                                partitions, swap partitions or EFI
+                                system partitions are not mounted. May
+                                not be specified together with
+                                <option>--directory=</option>.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -204,13 +219,15 @@
                                 <term><option>-u</option></term>
                                 <term><option>--user=</option></term>
 
                                 <term><option>-u</option></term>
                                 <term><option>--user=</option></term>
 
-                                <listitem><para>Run the command
-                                under specified user, create home
-                                directory and cd into it. As rest
-                                of systemd-nspawn, this is not
-                                the security feature and limits
-                                against accidental changes only.
-                                </para></listitem>
+                                <listitem><para>After transitioning
+                                into the container, change to the
+                                specified user defined in the
+                                container's user database. Like all
+                                other systemd-nspawn features, this is
+                                not a security feature and provides
+                                protection against accidental
+                                destructive operations
+                                only.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -228,37 +245,6 @@
                                 container is used.</para></listitem>
                         </varlistentry>
 
                                 container is used.</para></listitem>
                         </varlistentry>
 
-                        <varlistentry>
-                                <term><option>--slice=</option></term>
-
-                                <listitem><para>Make the container
-                                part of the specified slice, instead
-                                of the
-                                <filename>machine.slice</filename>.</para>
-                                </listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                                <term><option>-Z</option></term>
-                                <term><option>--selinux-context=</option></term>
-
-                                <listitem><para>Sets the SELinux
-                                security context to be used to label
-                                processes in the container.</para>
-                                </listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                                <term><option>-L</option></term>
-                                <term><option>--selinux-apifs-context=</option></term>
-
-                                <listitem><para>Sets the SELinux security
-                                context to be used to label files in
-                                the virtual API file systems in the
-                                container.</para>
-                                </listitem>
-                        </varlistentry>
-
                         <varlistentry>
                                 <term><option>--uuid=</option></term>
 
                         <varlistentry>
                                 <term><option>--uuid=</option></term>
 
@@ -270,17 +256,29 @@
                                 </para></listitem>
                         </varlistentry>
 
                                 </para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--slice=</option></term>
+
+                                <listitem><para>Make the container
+                                part of the specified slice, instead
+                                of the default
+                                <filename>machine.slice</filename>.</para>
+                                </listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><option>--private-network</option></term>
 
                         <varlistentry>
                                 <term><option>--private-network</option></term>
 
-                                <listitem><para>Turn off networking in
-                                the container. This makes all network
-                                interfaces unavailable in the
-                                container, with the exception of the
-                                loopback device and those specified
-                                with
-                                <option>--network-interface=</option>. If
-                                this option is specified the
+                                <listitem><para>Disconnect networking
+                                of the container from the host. This
+                                makes all network interfaces
+                                unavailable in the container, with the
+                                exception of the loopback device and
+                                those specified with
+                                <option>--network-interface=</option>
+                                and configured with
+                                <option>--network-veth</option>. If
+                                this option is specified, the
                                 CAP_NET_ADMIN capability will be added
                                 to the set of capabilities the
                                 container retains. The latter may be
                                 CAP_NET_ADMIN capability will be added
                                 to the set of capabilities the
                                 container retains. The latter may be
@@ -293,11 +291,11 @@
 
                                 <listitem><para>Assign the specified
                                 network interface to the
 
                                 <listitem><para>Assign the specified
                                 network interface to the
-                                container. This will move the
+                                container. This will remove the
                                 specified interface from the calling
                                 namespace and place it in the
                                 container. When the container
                                 specified interface from the calling
                                 namespace and place it in the
                                 container. When the container
-                                terminates it is moved back to the
+                                terminates, it is moved back to the
                                 host namespace. Note that
                                 <option>--network-interface=</option>
                                 implies
                                 host namespace. Note that
                                 <option>--network-interface=</option>
                                 implies
@@ -308,13 +306,85 @@
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
-                                <term><option>--read-only</option></term>
-
-                                <listitem><para>Mount the root file
-                                system read-only for the
+                                <term><option>--network-macvlan=</option></term>
+
+                                <listitem><para>Create a
+                                <literal>macvlan</literal> interface
+                                of the specified Ethernet network
+                                interface and add it to the
+                                container. A
+                                <literal>macvlan</literal> interface
+                                is a virtual interface that adds a
+                                second MAC address to an existing
+                                physical Ethernet link. The interface
+                                in the container will be named after
+                                the interface on the host, prefixed
+                                with <literal>mv-</literal>. Note that
+                                <option>--network-macvlan=</option>
+                                implies
+                                <option>--private-network</option>. This
+                                option may be used more than once to
+                                add multiple network interfaces to the
                                 container.</para></listitem>
                         </varlistentry>
 
                                 container.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--network-veth</option></term>
+
+                                <listitem><para>Create a virtual
+                                Ethernet link
+                                (<literal>veth</literal>) between host
+                                and container. The host side of the
+                                Ethernet link will be available as a
+                                network interface named after the
+                                container's name (as specified with
+                                <option>--machine=</option>), prefixed
+                                with <literal>ve-</literal>. The
+                                container side of the the Ethernet
+                                link will be named
+                                <literal>host0</literal>. Note that
+                                <option>--network-veth</option>
+                                implies
+                                <option>--private-network</option>.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>--network-bridge=</option></term>
+
+                                <listitem><para>Adds the host side of
+                                the Ethernet link created with
+                                <option>--network-veth</option> to the
+                                specified bridge. Note that
+                                <option>--network-bridge=</option>
+                                implies
+                                <option>--network-veth</option>. If
+                                this option is used the host side of
+                                the Ethernet link will use the
+                                <literal>vb-</literal> prefix instead
+                                of <literal>ve-</literal>.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>-Z</option></term>
+                                <term><option>--selinux-context=</option></term>
+
+                                <listitem><para>Sets the SELinux
+                                security context to be used to label
+                                processes in the container.</para>
+                                </listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>-L</option></term>
+                                <term><option>--selinux-apifs-context=</option></term>
+
+                                <listitem><para>Sets the SELinux security
+                                context to be used to label files in
+                                the virtual API file systems in the
+                                container.</para>
+                                </listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><option>--capability=</option></term>
 
                         <varlistentry>
                                 <term><option>--capability=</option></term>
 
@@ -342,7 +412,7 @@
                                 is retained if
                                 <option>--private-network</option> is
                                 specified. If the special value
                                 is retained if
                                 <option>--private-network</option> is
                                 specified. If the special value
-                                <literal>all</literal> is passed all
+                                <literal>all</literal> is passed, all
                                 capabilities are
                                 retained.</para></listitem>
                         </varlistentry>
                                 capabilities are
                                 retained.</para></listitem>
                         </varlistentry>
@@ -405,6 +475,14 @@
                                 <option>--link-journal=guest</option>.</para></listitem>
                         </varlistentry>
 
                                 <option>--link-journal=guest</option>.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--read-only</option></term>
+
+                                <listitem><para>Mount the root file
+                                system read-only for the
+                                container.</para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><option>--bind=</option></term>
                                 <term><option>--bind-ro=</option></term>
                         <varlistentry>
                                 <term><option>--bind=</option></term>
                                 <term><option>--bind-ro=</option></term>
@@ -422,7 +500,7 @@
                                 destination in the container. The
                                 <option>--bind-ro=</option> option
                                 creates read-only bind
                                 destination in the container. The
                                 <option>--bind-ro=</option> option
                                 creates read-only bind
-                                mount.</para></listitem>
+                                mounts.</para></listitem>
                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>
@@ -439,17 +517,6 @@
                                 more than once.</para></listitem>
                         </varlistentry>
 
                                 more than once.</para></listitem>
                         </varlistentry>
 
-                        <varlistentry>
-                                <term><option>-q</option></term>
-                                <term><option>--quiet</option></term>
-
-                                <listitem><para>Turns off any status
-                                output by the tool itself. When this
-                                switch is used, then the only output
-                                by nspawn will be the console output
-                                of the container OS itself.</para></listitem>
-                        </varlistentry>
-
                         <varlistentry>
                                 <term><option>--share-system</option></term>
 
                         <varlistentry>
                                 <term><option>--share-system</option></term>
 
@@ -491,7 +558,7 @@
                                 and shown by tools such as
                                 <citerefentry><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
                                 the container does not run an init
                                 and shown by tools such as
                                 <citerefentry><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
                                 the container does not run an init
-                                system it is recommended to set this
+                                system, it is recommended to set this
                                 option to <literal>no</literal>. Note
                                 that <option>--share-system</option>
                                 implies
                                 option to <literal>no</literal>. Note
                                 that <option>--share-system</option>
                                 implies
@@ -507,13 +574,13 @@
                                 container in, simply register the
                                 service or scope unit
                                 <command>systemd-nspawn</command> has
                                 container in, simply register the
                                 service or scope unit
                                 <command>systemd-nspawn</command> has
-                                been invoked in in
+                                been invoked in with
                                 <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>. This
                                 has no effect if
                                 <option>--register=no</option> is
                                 used. This switch should be used if
                                 <command>systemd-nspawn</command> is
                                 <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>. This
                                 has no effect if
                                 <option>--register=no</option> is
                                 used. This switch should be used if
                                 <command>systemd-nspawn</command> is
-                                invoked from within an a service unit,
+                                invoked from within a service unit,
                                 and the service unit's sole purpose
                                 is to run a single
                                 <command>systemd-nspawn</command>
                                 and the service unit's sole purpose
                                 is to run a single
                                 <command>systemd-nspawn</command>
@@ -522,6 +589,38 @@
                                 session.</para></listitem>
                         </varlistentry>
 
                                 session.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--personality=</option></term>
+
+                                <listitem><para>Control the
+                                architecture ("personality") reported
+                                by
+                                <citerefentry><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+                                in the container. Currently, only
+                                <literal>x86</literal> and
+                                <literal>x86-64</literal> are
+                                supported. This is useful when running
+                                a 32bit container on a 64bit
+                                host. If this setting is not used
+                                the personality reported in the
+                                container is the same as the one
+                                reported on the
+                                host.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>-q</option></term>
+                                <term><option>--quiet</option></term>
+
+                                <listitem><para>Turns off any status
+                                output by the tool itself. When this
+                                switch is used, the only output
+                                from nspawn will be the console output
+                                of the container OS itself.</para></listitem>
+                        </varlistentry>
+
+                        <xi:include href="standard-options.xml" xpointer="help" />
+                        <xi:include href="standard-options.xml" xpointer="version" />
                 </variablelist>
 
         </refsect1>
                 </variablelist>
 
         </refsect1>
Unnamed repository; edit this file 'description' to name the repository.