X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=e55933d069d9b341dacf4ba8e48370e701cb18c0;hp=5cba40bcd427ef7fdbcd086ffbccd59bb7daa1e9;hb=04ac799283f517672a5424e7c5bf066cfa4ca020;hpb=1ddf879acf388a4625150c3a97b76458f6d2a070 diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 5cba40bcd..e55933d06 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -51,7 +51,14 @@ systemd-nspawn OPTIONS - COMMAND + COMMAND + ARGS + + + + systemd-nspawn + -b + OPTIONS ARGS @@ -90,14 +97,13 @@ involved with boot and systems management. In contrast to - chroot1 - systemd-nspawn may be used to boot - full Linux-based operating systems in a - container. + chroot1 systemd-nspawn + may be used to boot full Linux-based operating systems + in a container. Use a tool like yum8, - debootstrap8 + debootstrap8, or pacman8 to set up an OS directory tree suitable as file system 
@@ -126,15 +132,43 @@ Container Interface specification. + + As a safety check + systemd-nspawn will verify the + existence of /etc/os-release in + the container tree before starting the container (see + os-release5). It + might be necessary to add this file to the container + tree manually if the OS of the container is too old to + contain this file out-of-the-box. + + + + Incompatibility with Auditing + + Note that the kernel auditing subsystem is + currently broken when used together with + containers. We hence recommend turning it off entirely + by booting with audit=0 on the + kernel command line, or by turning it off at kernel + build time. If auditing is enabled in the kernel + operating systems booted in an nspawn container might + refuse log-in attempts. Options - If no arguments are passed the container is set - up and a shell started in it, otherwise the passed - command and arguments are executed in it. The - following options are understood: + If option is specified, the + arguments are used as arguments for the init + binary. Otherwise, COMMAND + specifies the program to launch in the container, and + the remaining arguments are used as arguments for this + program. If is not used and no + arguments are specifed, a shell is launched in the + container. + + The following options are understood: @@ -170,7 +204,10 @@ Automatically search for an init binary and invoke it instead of a shell or a user supplied - program. + program. If this option is used, arguments + specified on the command line are used + as arguments for the init binary. + 
@@ -186,10 +223,35 @@ + + + + + Sets the machine name + for this container. This name may be + used to identify this container on the + host, and is used to initialize the + container's hostname (which the + container can choose to override, + however). If not specified the last + component of the root directory of the + container is used. + + + + + + Make the container + part of the specified slice, instead + of the + machine.slice. + + + - Set the specified uuid + Set the specified UUID for the container. The init system will initialize /etc/machine-id @@ -197,16 +259,6 @@ - - - - - Makes the container appear in - other hierarchies than the name=systemd:/ one. - Takes a comma-separated list of controllers. - - - @@ -221,7 +273,7 @@ Mount the root file - system read only for the + system read-only for the container. @@ -230,7 +282,7 @@ List one or more additional capabilities to grant the - container. Takes a comma separated + container. Takes a comma-separated list of capability names, see capabilities7 for more information. Note that the @@ -298,6 +350,26 @@ Equivalent to . + + + + + + Bind mount a file or + directory from the host into the + container. Either takes a path + argument -- in which case the + specified path will be mounted from + the host to the same path in the + container --, or a colon-separated + pair of paths -- in which case the + first specified path is the source in + the host, and the second path is the + destination in the container. The + option + creates read-only bind + mount. + @@ -309,7 +381,7 @@ # systemd-nspawn -bD /srv/mycontainer This installs a minimal Fedora distribution into - the directory /srv/mycontainer/ and + the directory /srv/mycontainer/ and then boots an OS in a namespace container in it. @@ -346,7 +418,7 @@ (as viewed from the outside) of the launched process, and it can be used to enter the container. - # nsenter -muinpt $PID + # nsenter -m -u -i -n -p -t $PID nsenter1 is part of 
@@ -370,7 +442,8 @@ unshare1, yum8, debootstrap8, - pacman8 + pacman8, + systemd.slice5
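Review bot: In the hunk at @@ -126,15 +132,43 @@, the new "Incompatibility with Auditing" paragraph recommends booting with audit=0 but does not say that this turns kernel auditing off for the whole host, not only for containers. Administrators who depend on audit records for detection or compliance should see that trade-off stated next to the recommendation. In the same paragraph, "If auditing is enabled in the kernel operating systems booted in an nspawn container" needs a comma after "kernel" to parse correctly. In the rewritten Options paragraph of this hunk, "no arguments are specifed" should read "specified".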
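Review bot: In the hunk at @@ -298,6 +350,26 @@, the bind-mount description leaves the access mode of the first option implicit. It only says that the second option "creates read-only bind mount", so a reader has to infer that the plain form gives the container write access to the host path. Suggest saying so explicitly and pointing readers to the read-only variant when the container only needs to read the data. The closing sentence also lacks an article ("creates a read-only bind mount"), and the "-- in which case ... --, or" construction would read better as two sentences.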
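Review bot: In the hunk at @@ -186,10 +223,35 @@, the machine-name text says the name "may be used to identify this container on the host" and defaults to "the last component of the root directory", but it does not document what happens when two containers end up with the same name, for example two trees whose paths end in the same directory name. Since the name is used as an identifier on the host, a sentence on uniqueness and on the behaviour on collision would help here.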