contain this file out-of-the-box.</para>
</refsect1>
- <refsect1>
- <title>Incompatibility with Auditing</title>
-
- <para>Note that the kernel auditing subsystem is
- currently broken when used together with
- containers. We hence recommend turning it off entirely
- by booting with <literal>audit=0</literal> on the
- kernel command line, or by turning it off at kernel
- build time. If auditing is enabled in the kernel,
- operating systems booted in an nspawn container might
- refuse log-in attempts.</para>
- </refsect1>
-
<refsect1>
<title>Options</title>
loopback device.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--network-interface=</option></term>
+
+ <listitem><para>Assign the specified
+ network interface to the
+ container. This will move the
+ specified interface from the calling
+ namespace and place it in the
+ container. When the container
+ terminates it is moved back to the
+ host namespace.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--read-only</option></term>
CAP_SYS_CHROOT, CAP_SYS_NICE,
CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
CAP_SYS_RESOURCE, CAP_SYS_BOOT,
- CAP_AUDIT_WRITE,
- CAP_AUDIT_CONTROL.</para></listitem>
+ CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. If
+ the special value
+ <literal>all</literal> is passed all
+ capabilities are
+ retained.</para></listitem>
</varlistentry>
<varlistentry>
~ianmdlvl / elogind.git / blobdiff