chiark / gitweb /
headers: fix git URLs for source files
[elogind.git] / man / systemd-nspawn.xml
index 667e75c..d5f8465 100644 (file)
@@ -61,7 +61,7 @@
                 container. In many ways it is similar to
                 <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                 but more powerful since it fully virtualizes the file
-                system hierachy, as well as the process tree, the
+                system hierarchy, as well as the process tree, the
                 various IPC subsystems and the host and domain
                 name.</para>
 
                 to various kernel interfaces in the container to
                 read-only, such as <filename>/sys</filename>,
                 <filename>/proc/sys</filename> or
-                <filename>/selinux</filename>. Network interfaces and
-                the system clock may not be changed from within the
-                container. Device nodes may not be created. The host
-                system cannot be rebooted and kernel modules may not
-                be loaded from within the container.</para>
+                <filename>/sys/fs/selinux</filename>. Network
+                interfaces and the system clock may not be changed
+                from within the container. Device nodes may not be
+                created. The host system cannot be rebooted and kernel
+                modules may not be loaded from within the
+                container.</para>
 
                 <para>Note that even though these security precautions
                 are taken <command>systemd-nspawn</command> is not
                 <para>Note that running two
                 <command>systemd-nspawn</command> containers from the
                 same directory tree will not make processes in them
-                see each other. The PID namespace seperation of the
+                see each other. The PID namespace separation of the
                 two containers is complete and the containers will
                 share very few runtime objects except for the
                 underlying file system.</para>
                 <variablelist>
                         <varlistentry>
                                 <term><option>--help</option></term>
+                                <term><option>-h</option></term>
 
                                 <listitem><para>Prints a short help
                                 text and exits.</para></listitem>
 
                         <varlistentry>
                                 <term><option>--directory=</option></term>
-                                <term><option>--D</option></term>
+                                <term><option>-D</option></term>
 
                                 <listitem><para>Directory to use as
                                 file system root for the namespace
                                 used.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--user=</option></term>
+                                <term><option>-u</option></term>
+
+                                <listitem><para>Run the command
+                                under specified user, create home
+                                directory and cd into it. As rest
+                                of systemd-nspawn, this is not
+                                the security feature and limits
+                                against accidental changes only.
+                                </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><option>--private-network</option></term>
+
+                                <listitem><para>Turn off networking in
+                                the container. This makes all network
+                                interfaces unavailable in the
+                                container, with the exception of the
+                                loopback device.</para></listitem>
+                        </varlistentry>
+
                 </variablelist>
 
         </refsect1>
                 <para>
                         <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                         <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-                        <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                        <citerefentry><refentrytitle>debootstrap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                         <citerefentry><refentrytitle>mock</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                 </para>
         </refsect1>