two containers is complete and the containers will
share very few runtime objects except for the
underlying file system.</para>
+
+ <para><command>systemd-nspawn</command> implements the
+ <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface">Container
+ Interface</ulink> specification.</para>
</refsect1>
<refsect1>
<term><option>-C</option></term>
<listitem><para>Makes the container appear in
- other hierarchies that the name=systemd:/ one.
+ other hierarchies than the name=systemd:/ one.
Takes a comma-separated list of controllers.
</para></listitem>
</varlistentry>
container.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--capability=</option></term>
+
+ <listitem><para>List one or more
+ additional capabilities to grant the
+ container. Takes a comma separated
+ list of capability names, see
+ <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for more information. Note that the
+ following capabilities will be
+ granted in any way: CAP_CHOWN,
+ CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH,
+ CAP_FOWNER, CAP_FSETID, CAP_IPC_OWNER,
+ CAP_KILL, CAP_LEASE,
+ CAP_LINUX_IMMUTABLE,
+ CAP_NET_BIND_SERVICE,
+ CAP_NET_BROADCAST, CAP_NET_RAW,
+ CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP,
+ CAP_SETUID, CAP_SYS_ADMIN,
+ CAP_SYS_CHROOT, CAP_SYS_NICE,
+ CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
+ CAP_SYS_RESOURCE, CAP_SYS_BOOT.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--link-journal=</option></term>
+
+ <listitem><para>Control whether the
+ container's journal shall be made
+ visible to the host system. If enabled
+ allows viewing the container's journal
+ files from the host (but not vice
+ versa). Takes one of
+ <literal>no</literal>,
+ <literal>host</literal>,
+ <literal>guest</literal>,
+ <literal>auto</literal>. If
+ <literal>no</literal>, the journal is
+ not linked. If <literal>host</literal>,
+ the journal files are stored on the
+ host file system (beneath
+ <filename>/var/log/journal/<machine-id></filename>)
+ and the subdirectory is bind-mounted
+ into the container at the same
+ location. If <literal>guest</literal>,
+ the journal files are stored on the
+ guest file system (beneath
+ <filename>/var/log/journal/<machine-id></filename>)
+ and the subdirectory is symlinked into the host
+ at the same location. If
+ <literal>auto</literal> (the default),
+ and the right subdirectory of
+ <filename>/var/log/journal</filename>
+ exists, it will be bind mounted
+ into the container. If the
+ subdirectory doesn't exist, no
+ linking is performed. Effectively,
+ booting a container once with
+ <literal>guest</literal> or
+ <literal>host</literal> will link the
+ journal persistently if further on
+ the default of <literal>auto</literal>
+ is used.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-j</option></term>
+
+ <listitem><para>Equivalent to
+ <option>--link-journal=guest</option>.</para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
~ianmdlvl / elogind.git / blobdiff