From 58abb66f4b9b0b3a16fe29211454d9936d35c35d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 7 Dec 2016 18:36:08 +0100 Subject: man: update the nspawn man page, and document what kind of dissection features we now support --- man/systemd-nspawn.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index cd0a90d82f..2bc81ea1aa 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -235,16 +235,33 @@ identified by the partition types defined by the Discoverable Partitions Specification. + + No partition table, and a single file system spanning the whole image. On GPT images, if an EFI System Partition (ESP) is discovered, it is automatically mounted to /efi (or /boot as fallback) in case a directory by this name exists and is empty. + Partitions encrypted with LUKS are automatically decrypted. Also, on GPT images dm-verity data integrity + hash partitions are set up if the root hash for them is specified using the + option. + Any other partitions, such as foreign partitions or swap partitions are not mounted. May not be specified together with , . + + + + Takes a data integrity (dm-verity) root hash specified in hexadecimal. This option enables data + integrity checks using dm-verity, if the used image contains the appropriate integrity data (see above). The + specified hash must match the root hash of integrity data, and is usually at least 256bits (and hence 64 + hexadecimal characters) long (in case of SHA256 for example). If this option is not specified, but a file with + the .roothash suffix is found next to the image file, bearing otherwise the same name the + root hash is read from it and automatically used. + + -- cgit v1.2.3-54-g00ecf
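Review bot: In the new root hash option paragraph, the phrase "if the used image contains the appropriate integrity data" leaves the failure behaviour undocumented. Please state whether nspawn refuses to start or proceeds without verification when a root hash is supplied but the image carries no dm-verity partition, since a reader relying on this option for integrity needs to know it fails closed. The same paragraph documents the automatic pickup of a ".roothash" file "found next to the image file"; it is worth one sentence noting that the hash is then only as trustworthy as the directory holding the image, so whoever can replace the image can replace the hash file with it. Two wording nits in that paragraph: "256bits" should be "256 bits", and "bearing otherwise the same name the root hash is read from it" needs a comma after "name". In the partition list, "Partitions encrypted with LUKS are automatically decrypted" would be clearer if it said where the key or passphrase comes from.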