man: networkd - clarify Address/Gateway keys in [Network] section

[elogind.git] / man / systemd-nspawn.xml
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml

index 7d450f912c1c617c17d6bd41a32eb0d87374963a..bec233c1ca9eb9c056df7dc72a385483b3de8a16 100644 (file)
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -123,10 +123,10 @@
                  see each other. The PID namespace separation of the
                  two containers is complete and the containers will
                  share very few runtime objects except for the
                  see each other. The PID namespace separation of the
                  two containers is complete and the containers will
                  share very few runtime objects except for the
-                underlying file system. It is however possible to
-                enter an existing container, see
-                <link linkend='example-nsenter'>Example 4</link> below.
-                </para>
+                underlying file system. Use
+                <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+                <command>login</command> command to request an
+                additional login prompt in a running container.</para>
  
                  <para><command>systemd-nspawn</command> implements the
                  <ulink
  
                  <para><command>systemd-nspawn</command> implements the
                  <ulink
@@ -303,6 +303,16 @@
                                  CAP_AUDIT_CONTROL.</para></listitem>
                          </varlistentry>
  
                                  CAP_AUDIT_CONTROL.</para></listitem>
                          </varlistentry>
  
+                        <varlistentry>
+                                <term><option>--drop-capability=</option></term>
+
+                                <listitem><para>Specify one or more
+                                additional capabilities to drop for
+                                the container. This allows running the
+                                container with fewer capabilities than
+                                the default (see above).</para></listitem>
+                        </varlistentry>
+
                          <varlistentry>
                                  <term><option>--link-journal=</option></term>
  
                          <varlistentry>
                                  <term><option>--link-journal=</option></term>
  
@@ -370,6 +380,21 @@
                                  creates read-only bind
                                  mount.</para></listitem>
                          </varlistentry>
                                  creates read-only bind
                                  mount.</para></listitem>
                          </varlistentry>
+
+                        <varlistentry>
+                                <term><option>--setenv=</option></term>
+
+                                <listitem><para>Specifies an
+                                environment variable assignment to
+                                pass to the init process in the
+                                container, in the format
+                                <literal>NAME=VALUE</literal>. This
+                                may be used to override the default
+                                variables or to set additional
+                                variables. This parameter may be used
+                                more than once.</para></listitem>
+                        </varlistentry>
+
                  </variablelist>
  
          </refsect1>
                  </variablelist>
  
          </refsect1>
@@ -409,24 +434,29 @@
                  boots an OS in a namespace container in it.</para>
          </refsect1>
  
                  boots an OS in a namespace container in it.</para>
          </refsect1>
  
-        <refsect1 id='example-nsenter'>
+        <refsect1>
                  <title>Example 4</title>
  
                  <title>Example 4</title>
  
-                <para>To enter the container, PID of one of the
-                processes sharing the new namespaces must be used.
-                <command>systemd-nspawn</command> prints the PID
-                (as viewed from the outside) of the launched process,
-                and it can be used to enter the container.</para>
+                <programlisting># mv ~/arch-tree /var/lib/container/arch
+# systemctl enable systemd-nspawn@arch.service
+# systemctl start systemd-nspawn@arch.service</programlisting>
+
+                <para>This makes the Arch Linux container part of the
+                <filename>multi-user.target</filename> on the host.
+                </para>
+        </refsect1>
+
+        <refsect1>
+                <title>Example 5</title>
  
  
-                <programlisting># nsenter -m -u -i -n -p -t $PID</programlisting>
+                <programlisting># btrfs subvolume snapshot / /.tmp
+# systemd-nspawn --private-network -D /.tmp -b</programlisting>
  
  
-                <para><citerefentry><refentrytitle>nsenter</refentrytitle><manvolnum>1</manvolnum></citerefentry>
-                is part of
-                <ulink url="https://github.com/karelzak/util-linux">util-linux</ulink>.
-                Kernel support for entering namespaces was added in
-                Linux 3.8.</para>
+                <para>This runs a copy of the host system in a
+                btrfs snapshot.</para>
          </refsect1>
  
          </refsect1>
  
+
          <refsect1>
                  <title>Exit status</title>
  
          <refsect1>
                  <title>Exit status</title>
  
@@ -439,11 +469,11 @@
                  <para>
                          <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                  <para>
                          <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-                        <citerefentry><refentrytitle>unshare</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>yum</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                          <citerefentry><refentrytitle>pacman</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
-                        <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+                        <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+                        <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                  </para>
          </refsect1>
  
                  </para>
          </refsect1>