X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=08b0457d16298d3395894391de82e60085e0b135;hp=bec233c1ca9eb9c056df7dc72a385483b3de8a16;hb=a8828ed93878b4b4866d40ebfb660e54995ff72e;hpb=483798e0770c65968bbe2b668ece293b2419f2ec
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index bec233c1c..08b0457d1 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -248,6 +248,27 @@
+
+
+
+
+ Sets the mandatory
+ access control (MAC) file label to be
+ used by tmpfs file systems in the
+ container.
+
+
+
+
+
+
+
+ Sets the mandatory
+ access control (MAC) label to be used by
+ processes in the container.
+
+
+
@@ -456,6 +477,14 @@
btrfs snapshot.
+
+ Example 6
+
+ # chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
+# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
+
+ This runs a container with SELinux sandbox labels.
+ Exit status