X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=ca99da4909cac88b654779a86d0508945ec53f64;hb=8a96d94e4c33173d1426b7e0a6325405804ba224;hp=08b0457d16298d3395894391de82e60085e0b135;hpb=a8828ed93878b4b4866d40ebfb660e54995ff72e;p=elogind.git
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 08b0457d1..ca99da490 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -249,23 +249,23 @@
-
-
+
+
- Sets the mandatory
- access control (MAC) file label to be
- used by tmpfs file systems in the
- container.
+ Sets the SELinux
+ security context to be used to label
+ processes in the container.
-
-
+
+
- Sets the mandatory
- access control (MAC) label to be used by
- processes in the container.
+ Sets the SELinux security
+ context to be used to label files in
+ the virtual API file systems in the
+ container.
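Review bot: The two descriptions in this hunk trade places, and nothing visible here shows that the option names moved with them. The first entry changes from the file label text to the process context text, and the second from process to file, while the element lines that carry the option names are empty in this rendering. Please check the result against the example further down, which passes svirt_sandbox_file_t to -L and svirt_lxc_net_t to -Z. The new wording also narrows "mandatory access control (MAC)" to SELinux and replaces "tmpfs file systems" with "virtual API file systems" without saying which mounts that covers; naming the affected mounts would make clear which files receive the context.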
@@ -416,6 +416,39 @@
more than once.
+
+
+
+
+ Turns off any status
+ output by the tool itself. When this
+ switch is used, then the only output
+ by nspawn will be the console output
+ of the container OS
+ itself.
+
+
+
+
+
+ Allows the container
+ to share certain system facilities
+ with the host. More specifically, this
+ turns off PID namespacing, UTS
+ namespacing and IPC namespacing, and
+ thus allows the guest to see and
+ interact more easily with processes
+ outside of the container. Note that
+ using this option makes it impossible
+ to start up a full Operating System in the
+ container, as an init system cannot
+ operate in this mode. It is only
+ useful to run specific programs or
+ applications this way, without
+ involving an init
+ system in the container.
+
+
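Review bot: The second added description never says that the option reduces the container's isolation from the host. It states that PID, UTS and IPC namespacing are turned off, but presents the effect only as a convenience ("see and interact more easily with processes outside of the container"). Suggest adding a sentence that says this explicitly, so the option is not picked for programs that are meant to stay confined. Minor wording: "When this switch is used, then the only output" can drop "then", and "Operating System" does not need capitals.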
@@ -483,7 +516,7 @@
# chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
- This runs a container with SELinux sandbox labels.
+ This runs a container with SELinux sandbox security contexts.
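Review bot: The reworded sentence still does not say which of the two contexts in the command goes to which switch. The example applies svirt_sandbox_file_t with categories c0,c1 through both chcon and -L, and svirt_lxc_net_t with the same categories through -Z; suggest extending the sentence to say that -L carries the file context and -Z the process context, matching the descriptions changed earlier in this patch, and to state whether the -L value is expected to match the context set with chcon.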