From f757855e81fc0bc116de372220096e532afb5cb8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Sun, 6 Sep 2015 01:22:14 +0200
Subject: nspawn: add new .nspawn files for container settings

.nspawn files are simple settings files that may accompany container images and directories and contain settings otherwise passed on the nspawn command line. This provides an efficient way to attach execution data directly to containers.
---
 man/systemd-nspawn.xml | 67 ++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 60 insertions(+), 7 deletions(-)

(limited to 'man/systemd-nspawn.xml')

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 6165fe1357..b1d68b9ecd 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -1,4 +1,4 @@ - + 
@@ -748,34 +748,86 @@ - =MODE + + MODE Boots the container in volatile mode. When no mode parameter is passed or when mode is specified as - yes full volatile mode is enabled. This + full volatile mode is enabled. This means the root directory is mounted as mostly unpopulated tmpfs instance, and /usr from the OS tree is mounted into it, read-only (the system thus starts up with read-only OS resources, but pristine state and configuration, any changes to the either are lost on shutdown). When the mode parameter - is specified as state the OS tree is + is specified as the OS tree is mounted read-only, but /var is mounted as tmpfs instance into it (the system thus starts up with read-only OS resources and configuration, but pristine state, any changes to the latter are lost on shutdown). When the mode parameter is specified as - no (the default) the whole OS tree is made + (the default) the whole OS tree is made available writable. - Note that setting this to yes or - state will only work correctly with + Note that setting this to or + will only work correctly with operating systems in the container that can boot up with only /usr mounted, and are able to populate /var automatically, as needed. + + MODE + + Controls whether + systemd-nspawn shall search for and use + additional per-container settings from + .nspawn files. Takes a boolean or the + special values or + . + + If enabled (the default) a settings file named after the + machine (as specified with the + setting, or derived from the directory or image file name) + with the suffix .nspawn is searched in + /etc/systemd/nspawn/ and + /run/systemd/nspawn/. If it is found + there, its settings are read and used. If it is not found + there it is subequently searched in the same directory as the + image file or in the immediate parent of the root directory of + the container. In this case, if the file is found its settings + will be also read and used, but potentially unsafe settings + are ignored. 
Note that in both these cases settings on the + command line take precendence over the corresponding settings + from loaded .nspawn files, if both are + specified. Unsafe settings are considered all settings that + elevate the container's privileges or grant access to + additional resources such as files or directories of the + host. For details about the format and contents of + .nspawn files consult + systemd.nspawn5. + + If this option is set to the + file is searched, read and used the same way, however the order of + precedence is reversed: settings read from the + .nspawn file will take precedence over + the corresponding command line options, if both are + specified. + + If this option is set to the + file is searched, read and used the same way, but regardless + if found in /etc/systemd/nspawn/, + /run/systemd/nspawn/ or next to the image + file or container root directory, all settings will take + effect, however command line arguments still take precedence + over corresponding settings. + + If disabled no .nspawn file is read + and no settings except the ones on the command line are in + effect. + + @@ -859,6 +911,7 @@ See Also systemd1, + systemd.nspawn5, chroot1, dnf8, yum8, -- cgit v1.2.3-54-g00ecf
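Review bot: in the new settings-option paragraphs of hunk @@ -748,34 the precedence rules leave one security-relevant case unstated: the default mode says that for a .nspawn file found next to the image file or in the parent of the container root "potentially unsafe settings are ignored", and the trusted mode says all settings from those locations take effect, but the precedence-reversing mode only says the file is "searched, read and used the same way, however the order of precedence is reversed". Say explicitly whether the unsafe-settings filter for image-adjacent files still applies in that mode, because a .nspawn file that travels with an image is controlled by whoever produced the image, and the filter is the only thing keeping such a file from elevating the container's privileges or granting it host files and directories (the hunk's own definition of "unsafe"); as written a reader could conclude that reversing precedence also lifts the filter. It would also help to state whether an ignored unsafe setting is logged or dropped silently, so an administrator can tell why a setting in an image-adjacent file had no effect. Two spelling fixes in the same hunk: "subequently" should be "subsequently" and "precendence" should be "precedence".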