summaryrefslogtreecommitdiff
path: root/man/systemd-nspawn.xml
AgeCommit message (Collapse)Author
2014-02-10nspawn,man: use a common vocabulary when referring to selinux security contextsLennart Poettering
Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.
2014-02-07nspawn: rename --file-label to --apifs-label since it's really just about ↵Lennart Poettering
the API file systems, nothing else
2014-02-06nspawn: add --quiet switch for turning off any output noiseLennart Poettering
2014-02-04nspawn: various fixes in selinux hookupLennart Poettering
- As suggested, prefix argument variables with "arg_" how we do this usually. - As suggested, don't involve memory allocations when storing command line arguments. - Break --help text at 80 chars - man: explain that this is about SELinux - don't do unnecessary memory allocations when putting together mount option string
2014-02-04Add SELinux support to systemd-nspawnDan Walsh
This patch adds to new options: -Z PROCESS_LABEL This specifies the process label to run on processes run within the container. -L FILE_LABEL The file label to assign to memory file systems created within the container. For example if you wanted to wrap an container with SELinux sandbox labels, you could execute a command line the following chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
2013-12-13nspawn: add new --setenv= switch to set an environment variable for the ↵Lennart Poettering
container to spawn
2013-12-12man: add another nspawn exampleZbigniew Jędrzejewski-Szmek
Taken from https://bugs.freedesktop.org/show_bug.cgi?id=68369.
2013-11-20nspawn: add new --drop-capability= switchLennart Poettering
2013-11-09man,units: fix installation of systemd-nspawn@.service and add exampleZbigniew Jędrzejewski-Szmek
2013-10-31machinectl: add new command to spawn a getty inside a containerLennart Poettering
2013-09-12man: wording and grammar updatesJan Engelhardt
This is a recurring submission and includes corrections to various issue spotted. I guess I can just skip over reporting ubiquitous comma placement fixes… Highligts in this particular commit: - the "unsigned" type qualifier is completed to form a full type "unsigned int" - alphabetic -> lexicographic (that way we automatically define how numbers get sorted)
2013-09-10man: wording and grammar updatesJan Engelhardt
This includes regularly-submitted corrections to comma setting and orthographical mishaps that appeared in man/ in recent commits. In this particular commit: - the usual comma fixes - expand contractions (this is prose)
2013-08-19man: fix spacing issue in systemd-nspawn(1)Zbigniew Jędrzejewski-Szmek
Same as 1e158d273.
2013-07-19man: update systemd-nspawn regarding new --slice= logicLennart Poettering
2013-07-02man: improve grammar and word formatting in numerous man pagesJason St. John
Use proper grammar, word usage, adjective hyphenation, commas, capitalization, spelling, etc. To improve readability, some run-on sentences or sentence fragments were revised. [zj: remove the space from 'file name', 'host name', and 'time zone'.]
2013-06-22man: Fix small typoMichael Biebl
2013-05-10audit: since audit is apparently never going to be fixed for containers tell ↵Lennart Poettering
the user what's going on Let's try to be helpful to the user and give him a hint what he can do to make nspawn work with normal OS containers. https://bugzilla.redhat.com/show_bug.cgi?id=893751
2013-05-09man: document that the kernel's audit subsystem is currently incompatible ↵Lennart Poettering
with nspawn containers
2013-05-06nspawn: explain that we look for /etc/os-release in the container directoryLennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=64014
2013-05-03man: add various filenames to the indexZbigniew Jędrzejewski-Szmek
Everything which is an absolute filename marked with <filename></filename> lands in the index, unless noindex= attribute is present. Should make it easier for people to find stuff when they are looking at a file on disk. Various formatting errors in manpages are fixed, kernel-install(1) is restored to formatting sanity.
2013-04-17man: fix syntax in nsenter exampleZbigniew Jędrzejewski-Szmek
Apparently nsenter doesn't handle options concatenated together. I'm pretty sure it worked at one point, but it seems like magic, since each of those options can take arguments.
2013-04-16nspawn: introduce the new /machine/ tree in the cgroup tree and move ↵Lennart Poettering
containers there Containers will now carry a label (normally derived from the root directory name, but configurable by the user), and the container's root cgroup is /machine/<label>. This label is called "machine name", and can cover both containers and VMs (as soon as libvirt also makes use of /machine/). libsystemd-login can be used to query the machine name from a process. This patch also includes numerous clean-ups for the cgroup code.
2013-02-27man: document systemd-nspawn behaviour with -bZbigniew Jędrzejewski-Szmek
Cf. cb96a2c69 and 1ddf879a.
2013-02-25nspawn: add --bind= and --bind-ro= to bind mount host paths into the containerLennart Poettering
2013-02-25Revert "nspawn: catch config mistake of specifying -b and args"Michal Schmidt
This reverts commit cb96a2c69a312fb089fef4501650f4fc40a1420b. It is not a mistake to pass args when -b is specified. They will simply be passed on to the container's init. The manpage needs fixing, that's true.
2013-02-24nspawn: catch config mistake of specifying -b and argsZbigniew Jędrzejewski-Szmek
2013-02-14nspawn: print PID and show how to enter the namespaceZbigniew Jędrzejewski-Szmek
systemd-nspawn will now print the PID of the child. An example showing how to enter the container is added to the man page. Support for nsenter without an explicit command was added in https://github.com/karelzak/util-linux/commit/5758069 (post v2.22.2). So this example requires both a new kernel and the latest util-linux.
2013-02-13man: use <replaceable> in various placesZbigniew Jędrzejewski-Szmek
2013-02-13man: Make options consistentWilliam Giokas
Option listings seemed to be pretty much random, some were short opt, long opt, others were long opt, short opt. This just makes every option with a short and long opt that I could find in the order short opt, long opt, for formatting's sake.
2013-01-29man: mention pacman at the top of the nspawn man page, tooLennart Poettering
2013-01-27man: add Arch Linux entry to systemd-nspawn(5)William Giokas
Archlinux has a similar tool to debbotstrap in the arch-install-scripts package that will install to a specified directory. This is generally used for installation, so the -d flag must be passed to tell it to install to a non-mountpoint directory.
2013-01-18man: update suggested yum command line in nspawn(1)Lennart Poettering
2013-01-18nspawn: add audit caps to default set to keepLennart Poettering
Due to the brokeness of much of the userspace audit code we cannot really start too many systems without the audit caps set. To make nspawn easier to use just add the audit caps by default. To boot up containers successfully the kernel's auditing needs to be turned off still (use "audit=0" on the kernel command line), but at least no manual caps have to be passed anymore. In the long run auditing will be fixed for containers and ve virtualized properly at which time it should be safe to enable these caps anyway.
2013-01-11nspawn: add --versionZbigniew Jędrzejewski-Szmek
2012-10-26man: typo fixesThomas Hindoe Paaboel Andersen
https://bugs.freedesktop.org/show_bug.cgi?id=55890 Fixed typos, serial comma, and removed "either" as there were more than two options. Also did an extra rename of "system-shutdown" to "systemd-shutdown" that was forgotten in commit 8bd3b8620c80d0f2383f2fb04315411fc8077ca1
2012-10-02nspawn: use automatic cleanup and provide debug infoZbigniew Jędrzejewski-Szmek
The documentation for --link-journal is also reworded.
2012-10-02trivial: fix typoZbigniew Jędrzejewski-Szmek
2012-09-14nspawn: Fix minor typo in man pagePierre Schmitz
2012-09-05nspawn: handle poweroff/reboot nicely in containersLennart Poettering
2012-07-19nspawn: introduce new --link-journal= switch to link container journals into ↵Lennart Poettering
host
2012-06-28man: add various links from man pages to appropriate wiki pagesLennart Poettering
2012-06-28nspawn: introduce new --capabilities= flag and make use of it in the nspawn ↵Lennart Poettering
test case
2012-04-25nspawn: add --read-only switchLennart Poettering
2012-04-24man: rework nspawn man page to suggest yum --installroot instead of mockLennart Poettering
2012-04-22nspawn: add --uuid= switch to allow setting the machine id for the containerLennart Poettering
2012-04-22nspawn: add -b switch to automatically look for an init binaryLennart Poettering
2012-04-12One can specify in which cgroup hierarchies a systemd-nspawn container will ↵Léo Gillot-Lamure
appear
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-02-08move /usr/bin/systemd to /usr/lib/systemd/systemdKay Sievers
2011-08-20exec: optionally apply cgroup attributes to the cgroups we createLennart Poettering