-rw-r--r-- | man/systemd-nspawn.xml | 17 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 37 |
2 files changed, 47 insertions, 7 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 4a936d326f..e84d2b7f11 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -297,7 +297,22 @@ <listitem><para>Make the container part of the specified slice, instead of the default - <filename>machine.slice</filename>.</para> + <filename>machine.slice</filename>. This is only applies if + the machine is run in its own scope unit, i.e. if + <option>--keep-unit</option> is not used.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>--property=</option></term> + + <listitem><para>Set a unit property on the scope unit to + register for the machine. This only applies if the machine is + run in its own scope unit, i.e. if + <option>--keep-unit</option> is not used. Takes unit property + assignments in the same format as <command>systemctl + set-property</command>. This is useful to set memory limits + and similar for machines.</para> </listitem> </varlistentry> diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index fb672510b4..232629d20a 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -187,6 +187,7 @@ static unsigned long arg_personality = 0xffffffffLU; static char *arg_image = NULL; static Volatile arg_volatile = VOLATILE_NO; static ExposePort *arg_expose_ports = NULL; +static char **arg_property = NULL; static void help(void) { printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n" @@ -205,6 +206,7 @@ static void help(void) { " -M --machine=NAME Set the machine name for the container\n" " --uuid=UUID Set a specific machine UUID for the container\n" " -S --slice=SLICE Place the container in the specified slice\n" + " --property=NAME=VALUE Set scope unit property\n" " --private-network Disable network in container\n" " --network-interface=INTERFACE\n" " Assign an existing network interface to the\n" 
@@ -294,6 +296,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_PERSONALITY, ARG_VOLATILE, ARG_TEMPLATE, + ARG_PROPERTY, }; static const struct option options[] = { @@ -331,6 +334,7 @@ static int parse_argv(int argc, char *argv[]) { { "image", required_argument, NULL, 'i' }, { "volatile", optional_argument, NULL, ARG_VOLATILE }, { "port", required_argument, NULL, 'p' }, + { "property", required_argument, NULL, ARG_PROPERTY }, {} }; @@ -731,6 +735,12 @@ static int parse_argv(int argc, char *argv[]) { break; } + case ARG_PROPERTY: + if (strv_extend(&arg_property, optarg) < 0) + return log_oom(); + + break; + case '?': return -EINVAL; @@ -1897,6 +1907,7 @@ static int register_machine(pid_t pid, int local_ifindex) { local_ifindex > 0 ? 1 : 0, local_ifindex); } else { _cleanup_bus_message_unref_ sd_bus_message *m = NULL; + char **i; r = sd_bus_message_new_method_call( bus, @@ -1906,7 +1917,7 @@ static int register_machine(pid_t pid, int local_ifindex) { "org.freedesktop.machine1.Manager", "CreateMachineWithNetwork"); if (r < 0) - return log_error_errno(r, "Failed to create message: %m"); + return bus_log_create_error(r); r = sd_bus_message_append( m, 
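Review bot: In the `case ARG_PROPERTY:` hunk of parse_argv, `optarg` is stored with no format check, so a malformed assignment is rejected only when register_machine() builds the bus message, which presumably happens after the container process already exists (that function takes its `pid`). A parse-time guard such as `if (!strchr(optarg, '=')) { log_error("Invalid property assignment: %s", optarg); return -EINVAL; }` would fail early and cleanly. Separately, the option is silently ignored when `--keep-unit` is also given; the man page says so, but a `log_warning()` once option parsing is complete would make a dropped resource limit visible to the operator. parse_argv's body starts and ends outside the hunk.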
@@ -1919,21 +1930,21 @@ static int register_machine(pid_t pid, int local_ifindex) { strempty(arg_directory), local_ifindex > 0 ? 1 : 0, local_ifindex); if (r < 0) - return log_error_errno(r, "Failed to append message arguments: %m"); + return bus_log_create_error(r); r = sd_bus_message_open_container(m, 'a', "(sv)"); if (r < 0) - return log_error_errno(r, "Failed to open container: %m"); + return bus_log_create_error(r); if (!isempty(arg_slice)) { r = sd_bus_message_append(m, "(sv)", "Slice", "s", arg_slice); if (r < 0) - return log_error_errno(r, "Failed to append slice: %m"); + return bus_log_create_error(r); } r = sd_bus_message_append(m, "(sv)", "DevicePolicy", "s", "strict"); if (r < 0) - return log_error_errno(r, "Failed to add device policy: %m"); + return bus_log_create_error(r); r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9, /* Allow the container to @@ -1959,9 +1970,23 @@ static int register_machine(pid_t pid, int local_ifindex) { if (r < 0) return log_error_errno(r, "Failed to add device whitelist: %m"); + STRV_FOREACH(i, arg_property) { + r = sd_bus_message_open_container(m, 'r', "sv"); + if (r < 0) + return bus_log_create_error(r); + + r = bus_append_unit_property_assignment(m, *i); + if (r < 0) + return r; + + r = sd_bus_message_close_container(m); + if (r < 0) + return bus_log_create_error(r); + } + r = sd_bus_message_close_container(m); if (r < 0) - return log_error_errno(r, "Failed to close container: %m"); + return bus_log_create_error(r); r = sd_bus_call(bus, m, 0, &error, NULL); } |
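Review bot: In the `STRV_FOREACH(i, arg_property)` loop, the user-supplied assignments go into the same `a(sv)` array after the hard-coded `DevicePolicy=strict` and `DeviceAllow` entries, so a `--property=` value naming either setting may override or widen the device restrictions nspawn places on the container's scope. Whether a later entry wins depends on how the receiving side applies repeated properties, which is not visible here. If those two settings are meant to be a fixed part of the confinement, either reject them in the loop or append the user properties before the hard-coded ones, and state the precedence in the man page. Also, `return r;` after `bus_append_unit_property_assignment()` logs nothing in this function, so confirm the helper reports its own failure or use `return log_error_errno(r, "Failed to append property %s: %m", *i);`. register_machine's body starts and ends outside the hunk.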