</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-L</option></term>
+ <term><option>--apifs-label=</option></term>
+
+ <listitem><para>Sets the mandatory
+ access control (MAC/SELinux) file
+ label to be used by virtual API file
+ systems in the container.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-Z</option></term>
+ <term><option>--process-label=</option></term>
+
+ <listitem><para>Sets the mandatory
+ access control (MAC/SELinux) label to be used by
+ processes in the container.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--uuid=</option></term>
more than once.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-q</option></term>
+ <term><option>--quiet</option></term>
+
+ <listitem><para>Turns off any status
+ output by the tool itself. When this
+ switch is used, then the only output
+ by nspawn will be the console output
+ of the container OS
+ itself.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
btrfs snapshot.</para>
</refsect1>
+ <refsect1>
+ <title>Example 6</title>
+
+ <programlisting># chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
+# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting>
+
+ <para>This runs a container with SELinux sandbox labels.</para>
+ </refsect1>
<refsect1>
<title>Exit status</title>
~ianmdlvl / elogind.git / blobdiff