diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-12-07 18:36:08 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-12-07 18:38:41 +0100 |
| commit | 58abb66f4b9b0b3a16fe29211454d9936d35c35d (patch) | |
| tree | 79167a6387a23fa2ff94f41250ce166c953323c3 | |
| parent | 4623e8e6ac7c7a36b16ec2dc9ad8507fd820c9fa (diff) | |
man: update the nspawn man page, and document what kind of dissection features we now support
| -rw-r--r-- | man/systemd-nspawn.xml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index cd0a90d82f..2bc81ea1aa 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -235,17 +235,34 @@ identified by the partition types defined by the <ulink url="http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/">Discoverable Partitions Specification</ulink>.</para></listitem> + + <listitem><para>No partition table, and a single file system spanning the whole image.</para></listitem> </itemizedlist> <para>On GPT images, if an EFI System Partition (ESP) is discovered, it is automatically mounted to <filename>/efi</filename> (or <filename>/boot</filename> as fallback) in case a directory by this name exists and is empty.</para> + <para>Partitions encrypted with LUKS are automatically decrypted. Also, on GPT images dm-verity data integrity + hash partitions are set up if the root hash for them is specified using the <option>--root-hash=</option> + option.</para> + <para>Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified together with <option>--directory=</option>, <option>--template=</option>.</para></listitem> </varlistentry> <varlistentry> + <term><option>--root-hash=</option></term> + + <listitem><para>Takes a data integrity (dm-verity) root hash specified in hexadecimal. This option enables data + integrity checks using dm-verity, if the used image contains the appropriate integrity data (see above). The + specified hash must match the root hash of integrity data, and is usually at least 256bits (and hence 64 + hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but a file with + the <filename>.roothash</filename> suffix is found next to the image file, bearing otherwise the same name the + root hash is read from it and automatically used.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>-a</option></term> <term><option>--as-pid2</option></term> |