Diffstat (limited to 'man/systemd-nspawn.xml')
-rw-r--r-- | man/systemd-nspawn.xml | 127 |
1 files changed, 74 insertions, 53 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index ffd707092c..d6f2d11dcc 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -174,6 +174,17 @@ </varlistentry> <varlistentry> + <term><option>-q</option></term> + <term><option>--quiet</option></term> + + <listitem><para>Turns off any status + output by the tool itself. When this + switch is used, then the only output + by nspawn will be the console output + of the container OS itself.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>-D</option></term> <term><option>--directory=</option></term>
@@ -229,37 +240,6 @@ </varlistentry> <varlistentry> - <term><option>--slice=</option></term> - - <listitem><para>Make the container - part of the specified slice, instead - of the - <filename>machine.slice</filename>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-Z</option></term> - <term><option>--selinux-context=</option></term> - - <listitem><para>Sets the SELinux - security context to be used to label - processes in the container.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-L</option></term> - <term><option>--selinux-apifs-context=</option></term> - - <listitem><para>Sets the SELinux security - context to be used to label files in - the virtual API file systems in the - container.</para> - </listitem> - </varlistentry> - - <varlistentry> <term><option>--uuid=</option></term> <listitem><para>Set the specified UUID
@@ -271,15 +251,27 @@ </varlistentry> <varlistentry> + <term><option>--slice=</option></term> + + <listitem><para>Make the container + part of the specified slice, instead + of the default + <filename>machine.slice</filename>.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><option>--private-network</option></term> - <listitem><para>Turn off networking in - the container. This makes all network - interfaces unavailable in the - container, with the exception of the - loopback device and those specified - with - <option>--network-interface=</option>. If + <listitem><para>Disconnect networking + of the container from the host. This + makes all network interfaces + unavailable in the container, with the + exception of the loopback device and + those specified with + <option>--network-interface=</option> + and configured ith + <option>--network-veth</option>. If this option is specified the CAP_NET_ADMIN capability will be added to the set of capabilities the 
@@ -308,11 +300,43 @@ </varlistentry> <varlistentry> - <term><option>--read-only</option></term> + <term><option>--network-veth</option></term> + + <listitem><para>Create a virtual + ethernet link between host and + container. The host side of the + ethernet link will be available as + network interface named after the + container's name (as specified with + <option>--machine=</option>), prefixed + with <literal>ve-</literal>. The + container side of the the ethernet + link will be named + <literal>host0</literal>. Note that + <option>--network-veth</option> + implies + <option>--private-network</option>.</para></listitem> + </varlistentry> - <listitem><para>Mount the root file - system read-only for the - container.</para></listitem> + <varlistentry> + <term><option>-Z</option></term> + <term><option>--selinux-context=</option></term> + + <listitem><para>Sets the SELinux + security context to be used to label + processes in the container.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>-L</option></term> + <term><option>--selinux-apifs-context=</option></term> + + <listitem><para>Sets the SELinux security + context to be used to label files in + the virtual API file systems in the + container.</para> + </listitem> </varlistentry> <varlistentry> @@ -406,6 +430,14 @@ </varlistentry> <varlistentry> + <term><option>--read-only</option></term> + + <listitem><para>Mount the root file + system read-only for the + container.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>--bind=</option></term> <term><option>--bind-ro=</option></term> 
@@ -440,17 +472,6 @@ </varlistentry> <varlistentry> - <term><option>-q</option></term> - <term><option>--quiet</option></term> - - <listitem><para>Turns off any status - output by the tool itself. When this - switch is used, then the only output - by nspawn will be the console output - of the container OS itself.</para></listitem> - </varlistentry> - - <varlistentry> <term><option>--share-system</option></term> <listitem><para>Allows the container |