X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd-nspawn.xml;h=820a79bc286c53f61dfe1d686373af87b5aaf70a;hp=61b03fa7fb1860649fb5990d8c75aacd7dbb16f7;hb=631b9deefbef76c5f69b165f33cb46690c938c95;hpb=1b9e5b126359a2a2ec37de1f94f046093abc74b8 diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 61b03fa7f..820a79bc2 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -70,7 +70,7 @@ systemd-nspawn may be used to run a command or OS in a light-weight namespace container. In many ways it is similar to - chroot1, + chroot1, but more powerful since it fully virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems and the host and domain @@ -98,15 +98,15 @@ involved with boot and systems management. In contrast to - chroot1 systemd-nspawn + chroot1 systemd-nspawn may be used to boot full Linux-based operating systems in a container. Use a tool like - yum8, - debootstrap8, + yum8, + debootstrap8, or - pacman8 + pacman8 to set up an OS directory tree suitable as file system hierarchy for systemd-nspawn containers. @@ -136,8 +136,9 @@ As a safety check systemd-nspawn will verify the - existence of /etc/os-release in - the container tree before starting the container (see + existence of /usr/lib/os-release + or /etc/os-release in the + container tree before starting the container (see os-release5). It might be necessary to add this file to the container tree manually if the OS of the container is too old to 
@@ -219,13 +220,15 @@ - Run the command - under specified user, create home - directory and cd into it. As rest - of systemd-nspawn, this is not - the security feature and limits - against accidental changes only. - + After transitioning + into the container, change to the + specified user-defined in the + container's user database. Like all + other systemd-nspawn features, this is + not a security feature and provides + protection against accidental + destructive operations + only. @@ -338,7 +341,7 @@ container's name (as specified with ), prefixed with ve-. The - container side of the the Ethernet + container side of the Ethernet link will be named host0. Note that @@ -356,7 +359,7 @@ implies . If - this option is used the host side of + this option is used, the host side of the Ethernet link will use the vb- prefix instead of ve-. @@ -390,7 +393,7 @@ additional capabilities to grant the container. Takes a comma-separated list of capability names, see - capabilities7 + capabilities7 for more information. Note that the following capabilities will be granted in any way: CAP_CHOWN, @@ -501,6 +504,30 @@ mounts. + + + + Mount a tmpfs file + system into the container. Takes a + single absolute path argument that + specifies where to mount the tmpfs + instance to (in which case the + directory access mode will be chosen + as 0755, owned by root/root), or + optionally a colon-separated pair of + path and mount option string, that is + used for mounting (in which case the + kernel default for access mode and + owner will be chosen, unless otherwise + specified). This option is + particularly useful for mounting + directories such as + /var as tmpfs, to + allow state-less systems, in + particular when combined with + . + + @@ -554,7 +581,7 @@ accessible via machinectl1 and shown by tools such as - ps1. If + ps1. If the container does not run an init system, it is recommended to set this option to no. Note 
@@ -598,8 +625,8 @@ x86 and x86-64 are supported. This is useful when running - a 32bit container on a 64bit - host. If this setting is not used + a 32-bit container on a 64-bit + host. If this setting is not used, the personality reported in the container is the same as the one reported on the @@ -617,6 +644,49 @@ of the container OS itself. + + =MODE + + Boots the container in + volatile (ephemeral) mode. When no + mode parameter is passed or when mode + is specified as yes + full volatile mode is enabled. This + means the root directory is mounted as + mostly unpopulated + tmpfs instance, and + /usr from the OS + tree is mounted into it, read-only + (the system thus starts up with + read-only OS resources, but pristine + state and configuration, any changes + to the either are lost on + shutdown). When the mode parameter is + specified as state + the OS tree is mounted read-only, but + /var is mounted + as tmpfs instance + into it (the system thus starts up + with read-only OS resources and + configuration, but pristine state, any + changes to the latter are lost on + shutdown). When the mode parameter is + specified as no + (the default) the whole OS tree is made + available writable. + + Note that setting this to + yes or + state will only + work correctly with operating systems + in the container that can boot up with + only /usr + mounted, and are able to populate + /var + automatically, as + needed. + + @@ -700,10 +770,10 @@ See Also systemd1, - chroot1, - yum8, - debootstrap8, - pacman8, + chroot1, + yum8, + debootstrap8, + pacman8, systemd.slice5, machinectl1
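Review bot: In the @@ -136,8 +136,9 @@ hunk, the unchanged sentence that follows the new text still says "It might be necessary to add this file to the container tree manually", but the check now names two paths, so "this file" no longer has a clear referent. Suggest stating which path should be created in an old container tree, or that either one satisfies the check, since the new wording reads as an either/or test.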
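Review bot: In the @@ -219,13 +220,15 @@ hunk, "change to the specified user-defined in the container's user database" carries a stray hyphen; "the specified user defined in the container's user database" is presumably what is meant. The removed text also said the option would "create home directory and cd into it", and the new text drops that without saying whether the behaviour changed, so it is worth stating what happens to the home directory and working directory after the user switch.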
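Review bot: In the @@ -501,6 +504,30 @@ hunk, the two argument forms yield different permissions and the text only hints at it: a bare path gets mode 0755 owned by root/root, while adding any option string switches to "the kernel default for access mode and owner", which for tmpfs is a world-writable sticky directory (1777) unless mode= is given. Suggest saying so explicitly, or recommending that an option string include mode= (and uid=/gid= where needed) when the mount point is something like /var. A short example of each form would also help, since the path:options syntax is described only in prose.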
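Review bot: In the @@ -617,6 +644,49 @@ hunk, the closing note applies both requirements to both modes ("yes or state will only work correctly with operating systems in the container that can boot up with only /usr mounted, and are able to populate /var automatically"), but per the description just above it, state mounts the whole OS tree read-only and only replaces /var, so the "only /usr mounted" condition belongs to yes alone. Suggest splitting the note per mode. Also, "any changes to the either are lost on shutdown" should read "any changes to either", and "is specified as yes full volatile mode is enabled" needs a comma after yes.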