Diffstat (limited to 'man/systemd.nspawn.xml')
-rw-r--r-- | man/systemd.nspawn.xml | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml index 7bfafb424f..99b5889484 100644 --- a/man/systemd.nspawn.xml +++ b/man/systemd.nspawn.xml @@ -77,7 +77,7 @@ Microsoft Windows <filename>.ini</filename> files.</para> <para>Boolean arguments used in these settings files can be - written in various formats. For positive settings the strings + written in various formats. For positive settings, the strings <option>1</option>, <option>yes</option>, <option>true</option> and <option>on</option> are equivalent. For negative settings, the strings <option>0</option>, <option>no</option>, @@ -102,11 +102,11 @@ directory or image file name. This file is first searched in <filename>/etc/systemd/nspawn/</filename> and <filename>/run/systemd/nspawn/</filename>. If found in these - directories its settings are read and all of them take full effect + directories, its settings are read and all of them take full effect (but are possibly overridden by corresponding command line - arguments). If not found the file will then be searched next to + arguments). If not found, the file will then be searched next to the image file or in the immediate parent of the root directory of - the container. If the file is found there only a subset of the + the container. If the file is found there, only a subset of the settings will take effect however. All settings that possibly elevate privileges or grant additional access to resources of the host (such as files or directories) are ignored. To which options 
@@ -119,7 +119,7 @@ placed in <filename>/var/lib/machines/</filename> instead (next to the container images), where their security impact is limited. In order to add privileged settings to <filename>.nspawn</filename> - files acquired from the image vendor it is recommended to copy the + files acquired from the image vendor, it is recommended to copy the settings files into <filename>/etc/systemd/nspawn/</filename> and edit them there, so that the privileged options become available. The precise algorithm how the files are searched and @@ -142,9 +142,9 @@ <term><varname>Boot=</varname></term> <listitem><para>Takes a boolean argument, defaults to off. If - enabled <command>systemd-nspawn</command> will automatically + enabled, <command>systemd-nspawn</command> will automatically search for an <filename>init</filename> executable and invoke - it. In this case the specified parameters using + it. In this case, the specified parameters using <varname>Parameters=</varname> are passed as additional arguments to the <filename>init</filename> process. This setting corresponds to the <option>--boot</option> switch on @@ -155,7 +155,7 @@ <varlistentry> <term><varname>Parameters=</varname></term> - <listitem><para>Takes a space separated list of + <listitem><para>Takes a space-separated list of arguments. This is either a command line, beginning with the binary name to execute, or – if <varname>Boot=</varname> is enabled – the list of arguments to pass to the init @@ -190,7 +190,7 @@ <term><varname>Capability=</varname></term> <term><varname>DropCapability=</varname></term> - <listitem><para>Takes a space separated list of Linux process + <listitem><para>Takes a space-separated list of Linux process capabilities (see <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details). The <varname>Capability=</varname> setting 
@@ -205,7 +205,7 @@ <filename>.nspawn</filename> files in <filename>/etc/systemd/nspawn/</filename> and <filename>/run/system/nspawn/</filename> (see above). On the - other hand <varname>DropCapability=</varname> takes effect in + other hand, <varname>DropCapability=</varname> takes effect in all cases.</para></listitem> </varlistentry> @@ -220,7 +220,7 @@ <varlistentry> <term><varname>MachineID=</varname></term> - <listitem><para>Configures the 128bit machine ID (UUID) to pass to + <listitem><para>Configures the 128-bit machine ID (UUID) to pass to the container. This is equivalent to the <option>--uuid=</option> command line switch. This option is privileged (see above). </para></listitem> @@ -241,7 +241,7 @@ <term><varname>ReadOnly=</varname></term> <listitem><para>Takes a boolean argument, defaults to off. If - specified the container will be run with a read-only file + specified, the container will be run with a read-only file system. This setting corresponds to the <option>--read-only</option> command line switch.</para></listitem> @@ -304,7 +304,7 @@ <term><varname>Private=</varname></term> <listitem><para>Takes a boolean argument, defaults to off. If - enabled the container will run in its own network namespace + enabled, the container will run in its own network namespace and not share network interfaces and configuration with the host. This setting corresponds to the <option>--private-network</option> command line @@ -326,7 +326,7 @@ <varlistentry> <term><varname>Interface=</varname></term> - <listitem><para>Takes a space separated list of interfaces to + <listitem><para>Takes a space-separated list of interfaces to add to the container. This option corresponds to the <option>--network-interface=</option> command line switch and implies <varname>Private=yes</varname>. This option is 
@@ -337,7 +337,7 @@ <term><varname>MACVLAN=</varname></term> <term><varname>IPVLAN=</varname></term> - <listitem><para>Takes a space separated list of interfaces to + <listitem><para>Takes a space-separated list of interfaces to add MACLVAN or IPVLAN interfaces to, which are then added to the container. These options correspond to the <option>--network-macvlan=</option> and |
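Review bot: in the @@ -102,11 hunk, the sentence ending "settings will take effect however." still has no comma before "however", although the patch adds one after "there" in the same sentence. Since this is a punctuation pass, finish it as "only a subset of the settings will take effect, however." This paragraph is where the man page explains that privilege-elevating settings are ignored for files found next to the image, so it should read unambiguously.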
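Review bot: in the @@ -119,7 hunk, the trailing context "The precise algorithm how the files are searched" is missing a preposition. Suggest "The precise algorithm for how the files are searched", fixed in this patch since the neighbouring sentence is already being touched.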
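Review bot: the unchanged context in the @@ -205,7 hunk gives the second directory as "/run/system/nspawn/", but the @@ -102,11 hunk names the search path as "/run/systemd/nspawn/". The Capability= paragraph tells administrators which locations are trusted for privileged settings, so a wrong path here is more than cosmetic. Please correct it to "/run/systemd/nspawn/" while editing this sentence.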
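Review bot: in the @@ -337,7 hunk, the context line directly after the changed line reads "add MACLVAN or IPVLAN interfaces to", while the setting documented in the same entry is "MACVLAN=". The letters are transposed. Suggest fixing it to "MACVLAN" in this patch, since the hunk already touches the preceding line.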