-rw-r--r-- | src/systemd-nspawn/nspawn.c | 8 | ||||
-rw-r--r-- | src/systemd-nspawn/systemd-nspawn.xml | 7 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/systemd-nspawn/nspawn.c b/src/systemd-nspawn/nspawn.c
index 25376d0b28..5f5e21c0f4 100644
--- a/src/systemd-nspawn/nspawn.c
+++ b/src/systemd-nspawn/nspawn.c
@@ -217,9 +217,13 @@ static void help(void) {
 " --uuid=UUID Set a specific machine UUID for the container\n"
 " -S --slice=SLICE Place the container in the specified slice\n"
 " --property=NAME=VALUE Set scope unit property\n"
- " -U --private-users=pick Run within user namespace, autoselect UID/GID range\n"
- " --private-users[=UIDBASE[:NUIDS]]\n"
+ " --private-users[=yes] Run within user namespace, detect UID/GID range\n"
+ " --private-users=UIDBASE[:NUIDS]\n"
 " Similar, but with user configured UID/GID range\n"
+ " --private-users=pick Similar, but autoselect an unused UID/GID range,\n"
+ " implies --private-users-chown"
+ " -U If the kernel supports the user namespaces feature,\n"
+ " equivalent to --private-users=pick; otherwise ignored\n"
 " --private-users-chown Adjust OS tree ownership to private UID/GID range\n"
 " --private-network Disable network in container\n"
 " --network-interface=INTERFACE\n"
diff --git a/src/systemd-nspawn/systemd-nspawn.xml b/src/systemd-nspawn/systemd-nspawn.xml
index c449edee89..0019f948b1 100644
--- a/src/systemd-nspawn/systemd-nspawn.xml
+++ b/src/systemd-nspawn/systemd-nspawn.xml
@@ -881,8 +881,11 @@ <command>systemd-nspawn</command> is invoked from within a service unit, and the service unit's sole purpose is to run a single <command>systemd-nspawn</command> container. This
- option is not available if run from a user
- session.</para></listitem>
+ option is not available if run from a user session. If using
+ the cgroup v2 unified hierarchy, this assumes that
+ <command>systemd-nspawn</command> has the control group all to
+ itself; that it is the only process in the
+ group.</para></listitem>
 </varlistentry> <varlistentry> |
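Review bot: In the nspawn.c hunk, the added help line `" implies --private-users-chown"` has no trailing `\n`, so it concatenates with the next literal and the `-U` entry is printed on the same output line as the `--private-users=pick` continuation. End it like its neighbours: `" implies --private-users-chown\n"`. This is more than cosmetic, because the `-U` text is where an operator learns that the switch is ignored on kernels without user namespace support, which presumably leaves the container without a private UID/GID range. The body of help() starts and ends outside the hunk.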