contain this file out-of-the-box.</para>
</refsect1>
- <refsect1>
- <title>Incompatibility with Auditing</title>
-
- <para>Note that the kernel auditing subsystem is
- currently broken when used together with
- containers. We hence recommend turning it off entirely
- by booting with <literal>audit=0</literal> on the
- kernel command line, or by turning it off at kernel
- build time. If auditing is enabled in the kernel,
- operating systems booted in an nspawn container might
- refuse log-in attempts.</para>
- </refsect1>
-
<refsect1>
<title>Options</title>
should be enabled when the container
runs a full Operating System (more
specifically: an init system), and is
- useful to ensure the container is
- accesible via
+ useful to ensure that the container is
+ accessible via
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and shown by tools such as
<citerefentry><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
<option>--register=no</option>.
</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--keep-unit</option></term>
+
+ <listitem><para>Instead of creating a
+ transient scope unit to run the
+ container in, simply register the
+ service or scope unit
+ <command>systemd-nspawn</command> has
+ been invoked in in
+ <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>. This
+ has no effect if
+ <option>--register=no</option> is
+ used. This switch should be used if
+ <command>systemd-nspawn</command> is
+ invoked from within an a service unit,
+ and the service unit's sole purpose
+ is to run a single
+ <command>systemd-nspawn</command>
+ container. This option is not
+ available if run from a user
+ session.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
~ianmdlvl / elogind.git / blobdiff